Last week Cisco confirmed that a flaw in its VOIP system could potentially allow attackers to remotely activate a desktop telephone microphone, allowing an attacker to listen in to conversations in the area of the location of the phone. While there are no known exploits of this attack, the news of this vulnerability should remind VOIP architects of the need to remain diligent in protecting themselves against potential threats. In the recently released Nemertes Issue Paper "VOIP Security: Threats and Mitigation Approaches" we noted that most enterprise IT executives were more worried about threats to underlying network infrastructure than to the VOIP systems themselves. While this approach is prudent given the known risks, VOIP managers should continue to monitor news sources for information on potential new threats to VOIP phones and servers.