First published: Wed Aug 11 2010(Updated: )
The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Windows 7 | ||
Microsoft Windows Server | ||
Microsoft Windows Server | ||
Microsoft Windows Server | ||
Microsoft Windows Server | =r2 | |
Microsoft Windows Server | =r2 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Vista | =sp1 | |
Microsoft Windows Vista | =sp2 | |
Microsoft Windows Vista | =sp1 | |
Microsoft Windows Vista | =sp2 | |
Microsoft Windows Vista | =sp2 | |
Microsoft Windows Vista | =sp1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2010-2554 has a moderate severity rating due to the potential for local privilege escalation.
To fix CVE-2010-2554, apply the appropriate security updates provided by Microsoft as specified in their security bulletin MS10-059.
CVE-2010-2554 affects Microsoft Windows Vista SP1, SP2, Windows Server 2008, Windows 7, and Windows Server 2008 R2.
CVE-2010-2554 is a local privilege escalation vulnerability caused by improper access controls on registry keys.
No, CVE-2010-2554 requires local access to the system for exploitation.