{"id":12440,"date":"2019-12-24T06:38:41","date_gmt":"2019-12-24T05:38:41","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=12440"},"modified":"2020-01-08T12:01:33","modified_gmt":"2020-01-08T11:01:33","slug":"sicherheitslcke-in-nvidia-geforce-experience-app","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2019\/12\/24\/sicherheitslcke-in-nvidia-geforce-experience-app\/","title":{"rendered":"Vulnerability in NVIDIA GeForce Experience App closed"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">[<a href=\"https:\/\/www.borncity.com\/blog\/2019\/12\/24\/sicherheitslcke-in-nvidia-geforce-experience-app\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]Vendor NVIDIA has closed a chess hole (DDOS or Privilege Escalation) in its NVIDIA GeForce Experience app with an update.&nbsp; <\/p>\n<p><!--more--><\/p>\n<h2>The NVIDIA GFE App<\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg07.met.vgwort.de\/na\/ca7e6d8cdf774cf09bae7da7bff93514\" width=\"1\" height=\"1\">The NVIDIA GeForce Experience is software that lets you capture and share videos, screenshots, and live streams with friends. The app is also designed to keep drivers up to date and optimize game settings. The application can be <a href=\"https:\/\/web.archive.org\/web\/20200106070152\/https:\/\/www.nvidia.com\/en-us\/geforce\/geforce-experience\/\" target=\"_blank\" rel=\"noopener noreferrer\">downloaded here<\/a>. Details can be found in <a href=\"https:\/\/web.archive.org\/web\/20200107021914\/https:\/\/www.nvidia.com\/en-us\/geforce\/geforce-experience\/faq\/\" target=\"_blank\" rel=\"noopener noreferrer\">this FAQ<\/a>. <\/p>\n<p><img decoding=\"async\" title=\"NVIDIA GeForce Experience App\" alt=\"NVIDIA GeForce Experience App\" src=\"https:\/\/i.imgur.com\/Uth9X3k.jpg\"><\/p>\n<h2>The vulnerability<\/h2>\n<p>However, there was a CVE-2019-5702 vulnerability in the application that, when the GameStream was enabled, allowed an attacker with local system access to corrupt a system file. This could lead to a denial of service that could render the Windows machine unusable. Or it could lead to privilege escalation. The vulnerability was rated severe with a base score index of 8.4. <\/p>\n<h2>There is a security update<\/h2>\n<p>As of December 23, 2019, NVIDIA has updated the <a href=\"https:\/\/nvidia.custhelp.com\/app\/answers\/detail\/a_id\/4954\/~\/security-bulletin%3A-nvidia-geforce-experience---december-2019\" target=\"_blank\" rel=\"noopener noreferrer\">Security Bulletin: NVIDIA GeForce Experience &#8211; December 2019<\/a>. NVIDIA has released a software security update for NVIDIA\u00ae GeForce Experience\u2122. This update fixes an issue that could cause a denial of service or escalation of privileges. <\/p>\n<p>The CVE-2019-5702 vulnerability affects all Windows program versions of the GeForce Experience prior to 3.20.2. The CVE-2019-5702 vulnerability was closed when the application was updated to version 3.20.2. <\/p>\n<p>To protect a Windows system, users should download and install this software update from the GeForce Experience <a href=\"https:\/\/www.geforce.com\/geforce-experience\/download\" target=\"_blank\" rel=\"noopener noreferrer\">Downloads page<\/a>. Open the NVIDIA GeForce Experience client to upgrade the security update. Earlier versions of the software that support this product are also affected. If you are using an earlier branch of the software, upgrade to the latest version. (via <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/nvidia-patches-high-severity-vulnerability-in-geforce-experience\/\" target=\"_blank\" rel=\"noopener noreferrer\">Bleeping Computer<\/a>)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Vendor NVIDIA has closed a chess hole (DDOS or Privilege Escalation) in its NVIDIA GeForce Experience app with an update.&nbsp;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547,22,2],"tags":[69,1544,195,194],"class_list":["post-12440","post","type-post","status-publish","format-standard","hentry","category-security","category-software","category-update","category-windows","tag-security","tag-software","tag-update","tag-windows"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/12440","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=12440"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/12440\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=12440"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=12440"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=12440"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}