Microsoft Remote Registry Service Remote Code Execution Vulnerability. Successful exploitation of this vulnerability requires the attacker must be an authenticated user on the network who is a member of the performance log users group. Although this group defaults to only Administrators, it is possible for an Administrator to add other standard users to this group. A remote, authenticated attacker who is on the domain and a member of the performance log users group could exploit an integer overflow vulnerability within regsvc to execute arbitrary code on the server.