Critical Vulnerability Patched In NVIDIA GeForce Experience posed a severe threat to the gamers
By MYBRANDBOOK
A serious vulnerability in NVIDIA GeForce Experience posed a severe threat to the gamers. More specifically, the software vulnerability threatened users of Windows systems.
Reportedly, researcher, David Yesland from Rhino Security Labs, discovered a serious security flaw in NVIDIA GeForce Experience software. According to his findings, exploiting the vulnerability could lead to denial of service, privilege escalation, and even code execution. GeForce Experience is a supplementary application by NVIDIA installed alongside GeForce products for automatic game settings optimization and added functionality.
The researcher has shared his findings in a detailed blog post. As disclosed by Yesland, he observed an arbitrary file write vulnerability affecting the system. Describing in brief about the bug, he stated,
“This vulnerability allowed any system file to be overwritten due to insecure permissions set on log files which GFE writes data to as the SYSTEM user. Additionally, one log file contained data that could be user-controlled, allowing commands to be injected into it and then written to as a batch files leading to code execution on other users and potentially privilege escalation.”
Yesland has explained the technicalities associated with this flaw in his blog post. He has also demonstrated a detailed PoC in his blog post alongside a basic brief on Github.
NVIDIA Patched The Flaw
NVIDIA has also acknowledged Yesland’s findings for the vulnerability CVE‑2019‑5674. Explaining this vulnerability in their security advisory, they stated,
“NVIDIA GeForce Experience contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges.”
The vendors labeled it a high severity bug that achieved a CVSS base score of 8.8. As explained, the vulnerability affected all GeForce Experience software versions prior to 3.18 for Windows Operating system. NVIDIA has fixed the bug in the software version 3.18. Thus, the users must ensure upgrading their devices to the latest version to avoid potential threats.
Singapore to remove One-Time Passwords from Bank Accounts
According to the Monetary Authority of Singapore, clients who utilise secur...
Is 375 million Airtel subscribers database breached?
When a hacker claims to have accessed and put up for sale a customer databa...
The government of India intends to construct a single portal f
A single portal will be launched by the Indian government to list all of it...
OpenAI offers GPT-4o, a faster model available to all users at
GPT-4o, a faster and more sophisticated AI model, is made available to all...
ADITYA INFOTECH LTD.
FRESHWORKS TECHNOLOGIES PVT. LTD.
AMARA RAJA POWER SYSTEMS LTD.
EXATRON SERVERS MANUFACTURING PVT. LTD.
Icons Of India : Anil Agarwal
Anil Agarwal, the Founder and Chairman of Vedanta Resources Ltd., is r...
ICONS OF INDIA : SACHIN BANSAL
Sachin Bansal is an Indian entrepreneur. He is best known as the found...
Icons Of India : Deepak Sharma
Deepak Sharma spearheads Schneider Electric India. He brings with him ...
BSE - Bombay Stock Exchange
The Bombay Stock Exchange (BSE) is one of India’s largest and oldest...
IREDA - Indian Renewable Energy Development Agency Limited
IREDA is a specialized financial institution in India that facilitates...
LIC - Life Insurance Corporation of India
LIC is the largest state-owned life insurance company in India...
Indian Tech Talent Excelling The Tech World - Shantanu Narayen, CEO- Adobe Systems Incorporated
Shantanu Narayen, CEO of Adobe Systems Incorporated, is renowned for h...
Indian Tech Talent Excelling The Tech World - REVATHI ADVAITHI, CEO- Flex
Revathi Advaithi, the CEO of Flex, is a dynamic leader driving growth ...
Indian Tech Talent Excelling The Tech World - NEAL MOHAN, CEO - Youtube
Neal Mohan, the CEO of YouTube, has a bold vision for the platform’s...