Friday, January 22, 18:10
Home security NVIDIA: Security update for GeForce Experience released

NVIDIA: Security update for GeForce Experience released

NVIDIA has released a security update for the Windows NVIDIA GeForce Experience (GFE) application to address vulnerabilities that could allow intruders to execute arbitrary code, scale privileges, gain access to sensitive information, or cause denial of service. ) on systems running with unpatched software.

NVIDIA GFE is a GeForce GTX graphics card utility that "updates your drivers, automatically optimizes your game settings and gives you the easiest way to share the best moments of your game with friends," says NVIDIA.


While these defects require of them invaders have local user access and can not be exploited remotely, but can be used with malicious tools systems running vulnerable versions of NVIDIA GFE.

In addition, the attacks that will take advantage of these errors have low complexity according to NVIDIA, while also requiring low privileges and no need to interact with users.

CVE - 2020‑5977, the highest seriousness bug fixed today by NVIDIA, can lead to privilege scaling and code execution after a successful exploitation.

It also allows intruders to use Windows computers running unpatched NVIDIA GFE by activating a denial of service mode.

The CVE - 2020‑5977 vulnerability was reported by Decathlon Xavier DANEST and consists of an uncontrolled search path used during loading a node module NVIDIA Web Helper NodeJS Web Server.

The other highly serious error, CVE - 2020‑5990, is present in the ShadowPlay component and was reported by ACTIVELabs Hashim Jawad.

You can see below the three vulnerabilities that were fixed in the October 2020 security update along with the basic CVSS V3 rating assigned by NVIDIA.

NVIDIA says that the “risk assessment is based on an average risk in a different set of systems and may not represent a real risk to your local facility. ”

The company also advises "consulting a security or IT professional to assess the risk for your particular configuration."

Influenced versions of GeForce Experience

The vulnerabilities affect only computers running Windows and NVIDIA GeForce Experience before, the version that came with the bug fixes.

To apply the security update, you must download the latest software version (ie from the "GeForce Experience Downloads" page or start the GFE client to apply it automatically via the built-in notification mechanism.

In July, NVIDIA fixed another security flaw in all GeForce Experience versions before 3.20.4 that could lead to code execution, denial of service or escalation of privileges.

Last month, the company also encountered a number of high-security issues with the Windows GPU display driver and software Virtual GPU Manager.


Please enter your comment!
Please enter your name here

Teo Ehc
Teo Ehc
Be the limited edition.


Windows RDP servers are used to support DDoS

Cybercrime gangs are abusing Windows Remote Desktop Protocol (RDP) systems to reinforce the unwanted ...

SEPA: He refused to pay a ransom and thousands of files were leaked

Thousands of stolen files of the Scottish Environmental Protection Agency (SEPA) have been published by hackers, after the organization refused to pay the ransom ...

Fines at Valve, Capcom and Zenimax for geo-exclusion of games

Following a European Commission investigation, a group of video game publishers was fined € 7,8 million following allegations of geo-exclusion practices. In...

Bitcoin helps the middle class survive the pandemic

Regulators still imply that Bitcoin is just a tool for criminals, but it seems that for the middle class ...

Lightworks 2021.1 for Linux, Mac and Windows has been released

Lightworks Professional Multi-Platform Video Editing Software received the first major update to Lightworks 2021.1 for Windows, Linux and Mac.

Netflix: Watch the 9 best Anime movies of all time

One of the good things about the pandemic was that many people were introduced to the anime world. And the issue with anime is ...

CHwapi: Windows BitLocker "hit" the Belgian hospital!

The CHwapi hospital in Belgium was attacked by a cyber attack on January 17, with hackers claiming to have encrypted 40 servers and 100 ...

CPU / GPU Lotteries: Newegg sells the few on the market

Hardware shortages are not uncommon, but the pandemic has worsened the situation. The whole planet is closed to ...

United Kingdom: Malware infects laptops delivered to students

In the context of e-learning implemented in many countries since the outbreak of the COVID-19 pandemic, governments are distributing the necessary equipment ...

iOS 14.4: Anti-tracking feature released to developers

Apple yesterday released to developers "Release Candidates" for iOS 14.4 and the corresponding iPad. It is probably the last step ...