NVIDIA has released a security update for the GeForce Now cloud gaming app to address a vulnerability that could allow intruders to execute arbitrary code or escalate privileges on systems using unpatched software.
GeForce Now is a cloud-based game streaming service that allows users (in over 80 countries) to subscribe subscriptions stream free games or games they own, in real time, from a library of hundreds of titles hosted on NVIDIA servers.
High severity defect fixed in the Windows app
NVIDIA today fixed a serious vulnerability (CVE - 2020‑5992) on all versions of Windows GeForce Now before 18.104.22.168 to prevent local attackers from gaining privileges or executing code after a successful breach.
The vulnerability was reported by Hou JingYi of Qihoo 360 CERT and found in the OpenSSL library, one of GeForce Now's "open-source software dependencies".
While this flaw requires attackers to have local user access and therefore cannot be exploited remotely, it can still be abused using malicious tools developed in systems running vulnerable versions of applications, as NVIDIA explains in a security advisory published today.
Attacks that take advantage of this error are of low complexity and require low privileges that provide basic user capabilities.
Fortunately, any attacks designed to exploit vulnerability CVE - 2020‑5992 also need user interaction prior to successful breach.
The company also advises “consult a professional security or IT to assess the risk for this configuration. ”
Apply the GeForce Now security update
To apply the security update and protect your system, you must open the Windows GeForce Now application to download it automatically, and then follow these steps instructions to install it (the application requires administrator privileges to be updated).