If you’ve got an NVIDIA graphics card in your PC, and odds are pretty good that you do, be aware that the company recently released a security update.

It patches a number of high severity vulnerabilities in the Windows GPU display driver that could allow a hacker to gain complete control over your system via escalation of privileges.

If there’s a silver lining to be found in the announcement, it lies in the fact that all of the security flaws NVIDIA addressed require local access to exploit. So a hacker would first have to establish a beachhead on your system before exploiting the flaws. Even so, for a determined hacker, that’s not much of an impediment, so patching the system should be considered a priority.

Here’s a quick overview of the issues the latest patch addresses:

  • CVE-2020-5979 – This is a flaw in the Control Panel component where the user is presented with a dialog box for input by a high-privilege process, which may lead to escalation of privileges.
  • CVE-2020-5980 – This issue arises from the fact that there are multiple components in which a securely loaded system DLL will load its dependencies in an insecure fashion, which may lead to code execution or denial of service.
  • CVE-2020-5981 – The Windows GPU Display Driver contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), in which a specially crafted shader can cause an out of bounds access, which may lead to denial of service.
  • CVE-2020-5982 – which is an issue in the Windows GPU Display Driver’s kernel mode layer (nvlddmkm.sys) scheduler, in which the software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests, which may lead to denial of service.

The first three are all scored 7.8 out of 10 in terms of severity, while the last one is scored 4.4 because it’s somewhat harder for a hacker to exploit. In any case, these are all serious issues that put your system at risk, so be sure your team knows to make installing the latest patch from NVIDIA a priority. It’s always better to be safe than sorry.

Leave a Reply

Your email address will not be published.

You may use these <abbr title="HyperText Markup Language">HTML</abbr> tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

*