The company said in a posting on the Microsoft Security Response Centre blog that an issue has been identified in which an attacker could use the speech recognition capability to cause the system to take "undesired actions".
"While it is technically possible, there are some things that should be considered when trying to determine the threat of exposure to your Windows Vista system," the posting said.
In order for the attack to be successful, Microsoft claimed that the targeted system would need to have the speech recognition feature previously activated and configured.
The system would also need to have speakers and a microphone installed and turned on.
The exploit would involve the speech recognition feature picking up commands through the microphone such as 'copy', 'delete' or 'shutdown'.
The vulnerability relies on commands coming from an audio file being played through the speakers, and the actions taken would be visible to the user if they were in front of the PC during the attempted exploitation.
It is not possible through the use of voice commands to get the system to perform privileged functions, such as creating a user, without being prompted by Microsoft's User Account Control (UAC) for Administrator credentials.
"The UAC prompt cannot be manipulated by voice commands by default," said the blog posting.
"There are also additional barriers that would make an attack difficult, including speaker and microphone placement, microphone feedback and the clarity of the dictation."
- Green Party slams Windows Vista
- Bill Gates talks up Vista 'wow' factor
- Windows Vista security under fire
- Microsoft releases Vista and Office 2007
Delegates at the ESOF 2018 conference were warned that their perceptions of the digital age were coloured by private industry
Concept vehicle uses gas turbine technology to generate electricity
Fresh from the notes of Ming-Chi Kuo of TF International Securities
The largest and cleanest form of energy storage that currently exists