CVE-2010-2554

Name of the Vulnerable Software and Affected Versions Microsoft Windows Vista versions SP1 through SP2 Microsoft Windows Server 2008 versions Gold through SP2 and R2 Microsoft Windows 7 (affected versions not specified)

Description The issue arises from incorrect access control lists (ACLs) on the registry keys for the Tracing Feature for Services in Microsoft Windows. This could allow an attacker to run code with elevated privileges, potentially leading to the execution of arbitrary code and complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Microsoft Windows Vista versions SP1 through SP2, update to a version with the correct ACLs on the registry keys for the Tracing Feature for Services. For Microsoft Windows Server 2008 versions Gold through SP2 and R2, update to a version with the correct ACLs on the registry keys for the Tracing Feature for Services. For Microsoft Windows 7, update to a version with the correct ACLs on the registry keys for the Tracing Feature for Services.