CVE-2010-2554
Description
Incorrect ACLs on registry keys in Windows Tracing Feature allow local users to gain privileges via named pipe impersonation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys. This allows a local user to gain privileges via vectors involving a named pipe and impersonation. The vulnerability is publicly disclosed and affects all supported editions of the listed operating systems [1].
Exploitation
An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The attack cannot be performed remotely or by anonymous users. The attacker runs a specially crafted application that leverages the incorrect ACLs on the registry keys, using a named pipe and impersonation to gain elevated privileges [1].
Impact
Successful exploitation allows an attacker to elevate privileges on the affected system. The attacker can gain the ability to execute arbitrary code with elevated privileges, potentially leading to full control of the system [1].
Mitigation
Microsoft released security update MS10-059 on August 10, 2010, which addresses this vulnerability by correcting the manner in which tokens are obtained and the way the length of a string read from the registry is calculated. Customers with automatic updating enabled are protected automatically. Manual installation of the update is recommended for those without automatic updates [1]. No workarounds are documented in the available reference.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x32:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
Patches
No patches discovered yet.