NVIDIA Fixes Severe Flaw In GeForce NOW Cloud Gaming Service
NVIDIA released a security update for the GeForce Now cloud gaming Windows app to address a vulnerability that could allow attackers to execute arbitrary code or escalate privileges on systems running unpatched software.
GeForce Now is a cloud-based game streaming service that allows users over 80 countries with paid subscriptions to stream free-to-play or games they own, in real-time, from a library of hundreds of titles hosted on NVIDIA’s servers.
NVIDIA’s cloud gaming service can be used by customers who own NVIDIA Shield, desktop (macOS, Microsoft Windows, and ChromeOS), or mobile (Android) devices via dedicated apps.
Also Read: The 5 Benefits Of Outsourcing Data Protection Officer Service
High severity flaw fixed in the Windows app
NVIDIA has fixed today a high severity vulnerability (CVE‑2020‑5992) in all versions of the Windows GeForce Now app prior to 2.0.25.119 to prevent local attackers from elevating their privileges or executing code after successful exploitation.
The vulnerability was reported by Qihoo 360 CERT’s Hou JingYi and it was found in the OpenSSL library, one of GeForce Now’s open-source software dependencies.
While this flaw requires attackers to have local user access and thus it cannot be exploited remotely, it can still be abused using malicious tools deployed on systems running vulnerable app versions as NVIDIA explains in a security advisory published today.
| CVE IDs | Description | Base Score | Vector |
|---|---|---|---|
| CVE‑2020‑5992 | NVIDIA GeForce NOW application software on Windows contains a vulnerability in its open-source software dependency in which the OpenSSL library is vulnerable to binary planting attacks by a local user, which may lead to code execution or escalation of privileges. | 7.3 | AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
Attacks that would exploit this bug are of low complexity and require low privileges that provide basic user capabilities.
Luckily, any attacks designed to abuse the CVE‑2020‑5992 vulnerability also need user interaction before successful exploitation.
NVIDIA says that the “risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation.”
The company also advises “consulting a security or IT professional to evaluate the risk to your specific configuration.”
Applying the GeForce Now security update
To apply the security update and protect your system, you have to open the Windows GeForce Now app to have it automatically downloaded and then follow the instructions to install it (the app requires admin privileges to update itself).
If you cannot run the app as an admin user, you can also manually update it by removing it using these instructions and then installing the latest software version (i.e., 2.0.25.119).
Also Read: How To Prevent WhatsApp Hack: 7 Best Practices
Last month, NVIDIA also fixed high severity vulnerabilities in the Windows NVIDIA GeForce Experience (GFE) app that could allow attackers to gain access to sensitive info, trigger a denial of service (DoS) state, escalate privileges, or execute arbitrary code on vulnerable systems.
0 Comments