Nvidia releases driver update to fix security exploit
Summary: Nvidia has released a new set of driver updates to patch up a security flaw found within the Nvidia Display Driver service.
Nvidia has quietly released a new set of drivers to patch up a security flaw found within the Display Driver service, which came to light via a U.K.-based researcher on Christmas day.
If you happen to be an owner of a GeForce graphics processing unit (GPU), then the quiet release of the latest GeForce-based drivers is certainly worth a quick download.
On Saturday, the firm made the new WHQL-certified graphics drivers -- version 310.90 -- available. The release notes say that the file "adds a security update for the NVIDIA Display Driver service (nvvsvc.exe)." However, it does not mention the fact that U.K. researcher Peter Winter-Smith discovered a flaw in December which makes the display driver service vulnerable to buffer overflow and code injection attacks. In other words, the security flaw could potentially be used by a remote attacker with a domain account to gain access to a system running older drivers.
In addition to killing off the security flaw, the driver update also comes complete with a number of bug fixes and performance enhancements for some gaming titles. New 3D Vision profiles have been added, and faster performance will improve a number of PC games including Call of Duty: Black Ops 2 and Assassin's Creed III.
The download is available at the firm's website.
Fixing the security exploit and improving the performance of gaming through the release comes alongside Nvidia's presence at 2013's Consumer Electronics Show, where the company has debuted a new Android-powered gaming console dubbed Project Shield, as wel as the Tegra 4 quad-core mobile processor.
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
wow really?
This security flaw is only locally exploitable
That is incorrect. The security researcher stated the following about the exploit:
“I still believe that this issue wasn't particularly severe. The fact that it was discovered in a big name vendor's software probably explains the unexpected level of attention it ended up receiving,” Winter-Smith said. “I released the original exploit since (I felt) there was something fairly elegant in the way the vulnerability lent itself to allowing a bypass of the three major operating-system based anti-exploit mechanisms in play today, rather than for any expected media attention.”
In addition, the flaw is only locally and not remotely exploitable. For further information on this exploit and its patch, please see the following links:
http://threatpost.com/en_us/blogs/nvidia-hacker-confirms-security-update-clears-driver-zero-day-010713
http://threatpost.com/en_us/blogs/nvidia-display-driver-service-attack-escalates-privileges-windows-machines-122712
I hope this helps. Thank you.
The flaw is remotely exploitable.
or remote user in a domain context (Windows firewall/file sharing
permitting) should be able to exploit this vulnerability".
Point Taken
Thanks for the additional info. I stand corrected. Apologies for my confusion.
I stopped using my windows box a few weeks ago