Critical Vulnerability Patched In NVIDIA GeForce Experience posed a severe threat to the gamers
By MYBRANDBOOK
A serious vulnerability in NVIDIA GeForce Experience posed a severe threat to the gamers. More specifically, the software vulnerability threatened users of Windows systems.
Reportedly, researcher, David Yesland from Rhino Security Labs, discovered a serious security flaw in NVIDIA GeForce Experience software. According to his findings, exploiting the vulnerability could lead to denial of service, privilege escalation, and even code execution. GeForce Experience is a supplementary application by NVIDIA installed alongside GeForce products for automatic game settings optimization and added functionality.
The researcher has shared his findings in a detailed blog post. As disclosed by Yesland, he observed an arbitrary file write vulnerability affecting the system. Describing in brief about the bug, he stated,
“This vulnerability allowed any system file to be overwritten due to insecure permissions set on log files which GFE writes data to as the SYSTEM user. Additionally, one log file contained data that could be user-controlled, allowing commands to be injected into it and then written to as a batch files leading to code execution on other users and potentially privilege escalation.”
Yesland has explained the technicalities associated with this flaw in his blog post. He has also demonstrated a detailed PoC in his blog post alongside a basic brief on Github.
NVIDIA Patched The Flaw
NVIDIA has also acknowledged Yesland’s findings for the vulnerability CVE‑2019‑5674. Explaining this vulnerability in their security advisory, they stated,
“NVIDIA GeForce Experience contains a vulnerability when ShadowPlay or GameStream is enabled. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges.”
The vendors labeled it a high severity bug that achieved a CVSS base score of 8.8. As explained, the vulnerability affected all GeForce Experience software versions prior to 3.18 for Windows Operating system. NVIDIA has fixed the bug in the software version 3.18. Thus, the users must ensure upgrading their devices to the latest version to avoid potential threats.
BREAKING NEWS
TECHNO TRENDS
Nazara and ONDC set to transform in-game monetization with ‘
Nazara Technologies has teamed up with the Open Network for Digital Comme...
Jio Platforms and NICSI to offer cloud services to government
In a collaborative initiative, the National Informatics Centre Services In...
BSNL awards ₹5,000 Cr Project to RVNL-Led Consortium
A syndicate led by Rail Vikas Nigam Limited (abbreviated as RVNL), along wi...
Pinterest tracks users without consent, alleges complaint
A recent complaint alleges that Pinterest, the popular image-sharing platf...
E-Magazine
TECHNOTAINMENT
Netflix adds 'Moments' feature for saving, sharing scenes from
Netflix has introduced a new “Moments” feature on its mobile app, whic
Jacqueline Fernandez come together with YouTuber Mr. Beast for
Jacqueline Fernandez has partnered with American YouTuber Mr. Beast to b
MOVERS & SHAKERS
Visa elevates Rishi Chhabra as new Country Manager for India
Rishi holds a Master’s in Industrial Engineering from The Ohio State Univ
Genesys welcomes Albert Nel as Senior VP and Regional Sales Le
Genesys continues to deepen its investment in the APAC region. Earlier this
OPEN YOUR EYES
INTERVIEWS
Delivering Critical Business Communication Solutions to Enterp
Arya Omnitalk and Syntel’s comprehensive suite of solutions and more than
Autodesk continually pushing the boundaries in the Design and
Autodesk’s vision is of a better world designed and made for all. It inte
HOT PICK
SonicWall Launches TZ80: A Powerful Solution for Remote Office
SonicWall announced today the launch of the TZ80, a groundbreaking securit
Gigabyte X3D Turbo: A Gaming Revolution
GIGABYTE X3D Turbo Mode is a cutting-edge feature that unifies cores distr
MAKE IN INDIA BRANDS
HP INDIA SALES PVT. LTD.
MATRIX COMSEC PVT. LTD.
AMARA RAJA POWER SYSTEMS LTD.
ACER INDIA PVT. LTD.
EMINENT CIO'S OF INDIA
ICONS OF INDIA
Icons Of India : Dr. Sanjay Bahl
Dr. Sanjay Bahl has around four decades of experience in the ICT indus...
Icons Of India : Arundhati Bhattacharya
Arundhati Bhattacharya serves as the Chairperson and CEO of Salesforce...
ICONS OF INDIA : RAMESH NATRAJAN
Ramesh Natarajan, CEO of Redington Limited, on overcoming ‘technolog...
PARTNER SPEAKERS
PSU
EESL - Energy Efficiency Services Limited
EESL is uniquely positioned in India’s energy sector to address ener...
STPI - Software Technology Parks of India
STPI promotes and facilitates the growth of the IT and ITES industry i...
NIC - National Informatics Centre
NIC serves as the primary IT solutions provider for the government of ...
VIDEOS
Top 25 Brands
Global Indian industry
Indian Tech Talent Excelling The Tech World - NIKESH ARORA, Chairman CEO - Palo Alto Networks
Nikesh Arora, the Chairman and CEO of Palo Alto Networks, is steering ...
Indian Tech Talent Excelling The Tech World - REVATHI ADVAITHI, CEO- Flex
Revathi Advaithi, the CEO of Flex, is a dynamic leader driving growth ...
Indian Tech Talent Excelling The Tech World - Sundar Pichai, CEO- Alphabet Inc.
Sundar Pichai, the CEO of Google and its parent company Alphabet Inc.,...
STARNITE AWARDS 2024
ITFORUM 2024
CMO of the Year
WOMEN LEADERSHIP
IMAGE GALLERY
TRENDS IN TECHNOLOGY
MORE VIDEOS
ADVERTISEMENTS
TECHNOLOGY DISRUPTION
UNICORNS REVOLUTIONISING
