HomeWinBuzzer NewsNvidia Patches Major Security Flaws in Its GeForce Experience Software

Nvidia Patches Major Security Flaws in Its GeForce Experience Software

CVE-2019-5678 and 2019-5676 let attackers execute code on a user's system, perform a DoS attack or an escalation of privilege. Nvidia recommends gamers update their software immediately.

-

Nvidia has advised gamers to update after fixing two high-severity flaws in its GeForce Experience software. CVE-2019-5678 and 5676 can both lead to code execution, with the latter enabling privilege escalation.

“This update addresses issues that may lead to information disclosure, escalation of privileges, denial of service, or code execution. To protect your system, download and install this software update through the GeForce Experience Downloads page,” said Nvidia in a bulletin.

It’s worth noting that both attacks require local system access. The vulnerability of 5678 is found in the Web Helper component and lets attackers craft input that may be not be validated properly for DoS attacks, code execution, or information disclosure.

Meanwhile, 5678 is found in the installer of GeForce Experience itself. A flaw was causing it to load Windows system DLLs in an insecure way that attackers could exploit with a binary planting attack.

At WinBuzzer, our machines with Nvidia’s software updated automatically. However, this may not be the case for all users. You’ll want to make sure you’re on 3.19 or higher by opening your account profile and selecting ‘General’.

Nvidia credit David Yesland of Rhino Security Labs for reporting CVE-2019-5678, and multiple reporters fro 5676. The reports come shortly after the company patched 8 high-severity flaws in its Tegra flaws, and follow another GeForce Experience vulnerability from March.

In May, a GeForce driver update for GTX 1060 graphics card caused PCs to restart loop until Nvidia rolled out an emergency hotfix. Issues are clearly not uncommon for this type of software, and users should consider subscribing to security bulletins to ensure they can act fast.

SourceNvidia
Ryan Maskell
Ryan Maskellhttps://ryanmaskell.co.uk
Ryan has had a passion for gaming and technology since early childhood. Fusing the skills from his Creative Writing and Publishing degree with profound technical knowledge, he enjoys covering news about Microsoft. As an avid writer, he is also working on his debut novel.

Recent News