"The exploit scenario would involve the speech recognition feature picking up commands through the microphone such as 'copy', 'delete', 'shutdown', etc. and acting on them," a Microsoft security researcher wrote on the team's official blog.
Some Vista users have already tested the exploit and were able to delete files and empty the trash can so that the documents were not retrievable.
Microsoft has said that, even if the machine was primed to accept voice commands, the user would most likely be in the room to hear the file with the malicious instructions being played.
The firm also said that voice commands could not be used for privileged functions such as creating a new user or formatting a drive.
"There are also additional barriers that would make an attack difficult, including speaker and microphone placement, microphone feedback, and the clarity of the dictation," wrote the Microsoft researcher.
While speech recognition was a feature of Windows XP, its use has been widened in Vista.
"While we are taking the reports seriously and investigating them accordingly, I am confident in saying that there is little if any need to worry about the effects of this issue on your new Windows Vista installation," said the researcher.