HomesecurityNVIDIA fixes a serious flaw in the GeForce NOW service

NVIDIA fixes a serious flaw in the GeForce NOW service

NVIDIA has released a security update for the GeForce Now cloud gaming app to address a vulnerability that could allow intruders to execute arbitrary code or escalate privileges on systems using unpatched software.


GeForce Now is a cloud-based game streaming service that allows users (in over 80 countries) to subscribe subscriptions stream free games or games they own, in real time, from a library of hundreds of titles hosted on NVIDIA servers.

NVIDIA cloud gaming service can be used by customers with NVIDIA Shield, desktop (MacOS, Microsoft Windows and ChromeOS) or mobile devices (Android) through special applications.

High severity defect fixed in the Windows app

NVIDIA today fixed a serious vulnerability (CVE - 2020‑5992) on all versions of Windows GeForce Now before to prevent local attackers from gaining privileges or executing code after a successful breach.

The vulnerability was reported by Hou JingYi of Qihoo 360 CERT and found in the OpenSSL library, one of GeForce Now's "open-source software dependencies".

While this flaw requires attackers to have local user access and therefore cannot be exploited remotely, it can still be abused using malicious tools developed in systems running vulnerable versions of applications, as NVIDIA explains in a security advisory published today.

Attacks that take advantage of this error are of low complexity and require low privileges that provide basic user capabilities.

Fortunately, any attacks designed to exploit vulnerability CVE - 2020‑5992 also need user interaction prior to successful breach.

The company also advises “consult a professional security or IT to assess the risk for this configuration. ”

Apply the GeForce Now security update

To apply the security update and protect your system, you must open the Windows GeForce Now application to download it automatically, and then follow these steps instructions to install it (the application requires administrator privileges to be updated).

If you cannot run the application as an administrator user, you can also update it manually by removing the version using these instructions and then install the most latest software version.

Teo Ehc
Be the limited edition.