« previous next »
Pages: [1]

Author Topic: NVIDIA Patches High Severity GeForce Experience Vulnerability  (Read 294 times)

Offline javajolt

  • Administrator
  • Hero Member
  • *****
  • Posts: 35211
  • Gender: Male
  • I Do Windows
    • windows10newsinfo.com
NVIDIA Patches High Severity GeForce Experience Vulnerability
« on: March 27, 2019, 10:22:57 AM »
NVIDIA released a security update for the NVIDIA GeForce Experience software for Windows to patch a vulnerability that could allow potential local attackers with basic user privileges to elevate privileges, trigger code execution, and perform denial-of-service (DoS) attacks.

While this vulnerability requires local user access and cannot be exploited remotely, would-be attackers could take advantage of them by planting malicious tools remotely using various means on a system running a vulnerable version of the NVIDIA GeForce Experience. 

Security issue rated as high severity by NVIDIA

Taking advantage of this vulnerability, bad actors can escalate their privileges thus making it possible to gain permissions beyond the ones initially granted by the system.

This would allow them to execute malicious code on the compromised systems and also to render vulnerable machines unusable by triggering a denial of service state.

The software flaw fixed by NVIDIA in detailed below, together with a full description and the assigned CVSS V3 Base Score.



The fixed security issue tracked as CVE-2019-5674 was reported by David Yesland of Rhino Security Labs, and it comes with a high severity rating and an 8.8 base score from NVIDIA.

Impacts all GeForce Experience versions prior to 3.18

CVE-2019-5674 affects Windows computers where a version of NVIDIA GeForce Experience prior to 3.18 is installed and ShadowPlay, NvContainer, or GameStream are enabled.

According to NVIDIA, the "risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. NVIDIA recommends consulting a security or IT professional to evaluate the risk to your specific configuration."

To apply the security update, NVIDIA GeForce Experience users can download the latest version from the GeForce Experience Downloads page, or launch the client on their Windows computers to have it applied using the built-in automatic update mechanism.

Last month, NVIDIA also released a security update for the NVIDIA GPU Display Driver software which patched eight security issues that could have lead to code execution, escalation of privileges, denial of service, or information disclosure on vulnerable Windows and Linux machines.

source
Logged

Pages: [1]
« previous next »