NVIDIA HAS KICKED OUT a patch to fix a nasty security flaw in its GeForce Experience software that could have allowed hackers to gain elevated privileges over a machine and carry out all manner of cyber attacks.
For those of you who don't know, the GeForce Experience is an Nvidia software tool that can automatically optimise games to suit the hardware configuration of a PC, as well as help with updating drivers and tweaking other graphical bits and bobs.
It's a slick tool on the whole, but David Yesland from Rhino Security Labs discovered that the software had a pretty severe flaw.
If a hacker managed to get direct access to a machine running the software, they could exploit the flaw to execute malicious code and perform denial-of-service attacks, as well as mess around with elevated privileges.
"This vulnerability allowed any system file to be overwritten due to insecure permissions set on log files which GFE writes data to as the SYSTEM user," said Yesland, explaining the flaw labelled as CVE-2019-5674.
"Additionally, one log file contained data that could be user-controlled, allowing commands to be injected into it and then written to as a batch files leading to code execution on other users and potentially privilege escalation."
"With an arbitrary file write, you can force an application to overwrite any file on the system as a privileged user. Often, this just means you can cause a denial of service by overwriting critical system files, but if you can control the data that is being written in some way, often you can do more with it," he added.
As such, the flaw got given a risk rating of 8.8, but Nvidia noted that's just an average score based on how many different systems the software is installed across and doesn't mean that every PC is at severe risk.
Nvidia released its own advisory on the bug and pushed out a patch for it, which should be automatically applied by the GeForce Experience if automatic updates are enabled.
The flaw affects the GeForce Experience version prior to 3.18, so if you're running an old version of the software you'd be wise to ensure the GeForce Experience gets updated pronto. µ
'Some of us like the misery'
That'll surely affect its credit score