[German]Vendor NVIDIA has closed a chess hole (DDOS or Privilege Escalation) in its NVIDIA GeForce Experience app with an update.
The NVIDIA GFE App
The NVIDIA GeForce Experience is software that lets you capture and share videos, screenshots, and live streams with friends. The app is also designed to keep drivers up to date and optimize game settings. The application can be downloaded here. Details can be found in this FAQ.
However, there was a CVE-2019-5702 vulnerability in the application that, when the GameStream was enabled, allowed an attacker with local system access to corrupt a system file. This could lead to a denial of service that could render the Windows machine unusable. Or it could lead to privilege escalation. The vulnerability was rated severe with a base score index of 8.4.
There is a security update
As of December 23, 2019, NVIDIA has updated the Security Bulletin: NVIDIA GeForce Experience – December 2019. NVIDIA has released a software security update for NVIDIA® GeForce Experience™. This update fixes an issue that could cause a denial of service or escalation of privileges.
The CVE-2019-5702 vulnerability affects all Windows program versions of the GeForce Experience prior to 3.20.2. The CVE-2019-5702 vulnerability was closed when the application was updated to version 3.20.2.
To protect a Windows system, users should download and install this software update from the GeForce Experience Downloads page. Open the NVIDIA GeForce Experience client to upgrade the security update. Earlier versions of the software that support this product are also affected. If you are using an earlier branch of the software, upgrade to the latest version. (via Bleeping Computer)
Cookies helps to fund this blog: Cookie settings