Check: 2010-B-0064
windows 7 iavm:
2010-B-0064
(in version v1 r32)
Title
Multiple Vulnerabilities in Microsoft Windows Tracing Feature for Services (Cat I impact)
Discussion
Microsoft has released a security bulletin addressing multiple vulnerabilities in Microsoft Windows Tracing Feature for Services. To exploit these vulnerabilities, an attacker would run a specially crafted malicious application on an affected system. If successfully exploited, these vulnerabilities would allow an attacker to execute arbitrary code and take complete control of an affected system. At this time, there are no known exploits associated with these vulnerabilities; USCYBERCOM is not aware of any DoD-related incidents.

Tracing Registry Key ACL Vulnerability - (CVE-2010-2554): An elevation of privilege vulnerability exists when Windows places incorrect access control lists (ACLs) on the registry keys for the Tracing Feature for Services. The vulnerability could allow an attacker to run code with elevated privileges. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Tracing Memory Corruption Vulnerability - (CVE-2010-2555): An elevation of privilege vulnerability exists due to the way that the Tracing Feature for Services allocates memory when processing specially crafted long strings from the registry. An attacker who successfully exploited this vulnerability could run arbitrary code with system-level privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Check Content
See IAVM notice and vendor bulletin for additional information. Microsoft Bulletin MS10-059 (982799).

Vulnerable Applications/Systems: Windows Vista SP1 and SP2 (x86 and x64); Windows Server 2008 and Windows Server 2008 SP2 (x86*, x64* and Itanium); Windows 7 (x86 and x64); Windows Server 2008 R2 (x64* and Itanium). *Server Core installation affected.

Verify that the patch has been installed by checking that the following sample file is at the version indicated or later. See the vendor bulletin for additional information and any Vulnerable Systems\Applications not listed below.

Rtutils.dll

Platform | Version |
---|---|
Windows Vista SP1 / 2008 | 6.0.6001.18495 or 22715 |
Windows Vista SP2 / 2008 SP2 | 6.0.6002.18274 or 22427 |
Windows 7 and 2008 R2 | Fixed by SP1 |
Windows 7 / 2008 R2 | 6.1.7600.16617 or 20738 |
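One way to script the file-version check above, as an added example that is not part of the IAVM notice or the vendor bulletin. The function name `Test-RtutilsVersion`, the status strings, and the 20000 split used to decide which of the two listed revision numbers applies to a given file are assumptions.

```powershell
# Baselines copied from the check text: Build is the third version field,
# Low/High are the two revision numbers listed for that build.
$Baselines = @(
    @{ Major = 6; Minor = 0; Build = 6001; Low = 18495; High = 22715 }
    @{ Major = 6; Minor = 0; Build = 6002; Low = 18274; High = 22427 }
    @{ Major = 6; Minor = 1; Build = 7600; Low = 16617; High = 20738 }
)
# Assumption: a revision of 20000 or more belongs to the higher-numbered
# servicing branch and must be compared with the High value, not the Low one.
$BranchSplit = 20000

function Test-RtutilsVersion {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][version]$FileVersion)

    # Windows 7 / 2008 R2 at SP1 (build 7601 or later) is "Fixed by SP1".
    if ($FileVersion.Major -eq 6 -and $FileVersion.Minor -eq 1 -and $FileVersion.Build -ge 7601) {
        return 'NotAFinding'
    }
    foreach ($b in $Baselines) {
        if ($FileVersion.Major -eq $b.Major -and $FileVersion.Minor -eq $b.Minor -and
            $FileVersion.Build -eq $b.Build) {
            $required = if ($FileVersion.Revision -ge $BranchSplit) { $b.High } else { $b.Low }
            if ($FileVersion.Revision -ge $required) { return 'NotAFinding' }
            return 'Open'
        }
    }
    return 'NotListed'   # platform not in the table: consult the vendor bulletin
}

# Constructed sample versions, so the logic can be exercised offline.
'6.1.7600.16617', '6.1.7600.20500', '6.1.7601.17514', '6.0.6001.18000' | ForEach-Object {
    '{0,-16} {1}' -f $_, (Test-RtutilsVersion $_)
}

# On a live system, build the version from the numeric fields of the file's
# version resource rather than from the FileVersion display string.
$dll = if ($env:SystemRoot) { Join-Path $env:SystemRoot 'System32\rtutils.dll' }
if ($dll -and (Test-Path $dll)) {
    $vi = (Get-Item $dll).VersionInfo
    $v  = New-Object System.Version -ArgumentList $vi.FileMajorPart, $vi.FileMinorPart,
              $vi.FileBuildPart, $vi.FilePrivatePart
    '{0,-16} {1}' -f $v, (Test-RtutilsVersion $v)
}
```

Comparing only against the lower number would pass a file such as 6.1.7600.20500, which is below the 20738 value listed for its revision range.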
Fix Text
Additional Identifiers
Rule ID:
Vulnerability ID: V-25074
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |