fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

NVIDIA Fixes High Severity Flaws In Windows Display Driver

NVIDIA Fixes High Severity Flaws In Windows Display Driver

NVIDIA has released security updates to address high severity vulnerabilities in the Windows GPU display driver that could lead to code execution, escalation of privileges, information disclosure, and denial of service.

All GPU display driver bugs fixed by NVIDIA this month require local user access which means that attackers will need to first get a foothold on the systems to exploit these vulnerabilities.

Once is achieved, they could take exploit them by remotely planting malicious tools or running code designed to target one of the fixed issues on devices running unpatched NVIDIA GPU drivers.

The security updates also fix high severity flaws in the NVIDIA Virtual GPU Manager which may lead to denial of service, code execution, and information disclosure when successfully exploited.

Windows driver security issues

The GPU display driver issues impact Windows machines and they come with CVSS V3 base scores ranging from 4.4 to 7.8, while the NVIDIA GPU bugs have severity ratings between 5.5 and 8.8.

By abusing these vulnerabilities attackers can escalate their privileges without needing user interaction to get permissions above the ones they were initially granted by the compromised systems.

When successfully exploited, these vulnerabilities could also enable them to execute malicious code, to render unpatched machines temporarily unusable by triggering denial of service states, or to access sensitive information.

The security issues fixed by NVIDIA as part of the September 2020 security updates are listed in the table embedded below, with full descriptions and their respective CVSS V3 base scores.

Also Read: The Importance Of DPIA And Its 3 Types Of Processing

CVE IDsDescriptionBase Score
CVE‑2020‑5979NVIDIA Display Driver contains a vulnerability in the Control Panel component in which a user is presented with a dialog box for input by a high-privilege process, which may lead to escalation of privileges.7.8
CVE‑2020‑5980NVIDIA Windows GPU Display Driver contains a vulnerability in multiple components in which a securely loaded system DLL will load its dependencies in an insecure fashion, which may lead to code execution or denial of service.7.8
CVE‑2020‑5981NVIDIA Windows GPU Display Driver contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), in which a specially crafted shader can cause an out of bounds access which may lead to denial of service.7.8
CVE‑2020‑5982NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) scheduler, in which the software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests, which may lead to denial of service.4.4

NVIDIA says that the “risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation” and it recommends consulting a professional to accurately evaluate the risk of your specific system configuration.

The high severity CVE‑2020‑5979 flaw was reported by Jo Hemmerlein of Microsoft, CVE‑2020‑5980 by Andy Gill of Pen Test Partners LLP, while CVE‑2020‑5981 was reported by Cisco Talos’ Piotr Bania.

Impacted NVIDIA GPU driver versions

The full list of driver and software versions affected by these vulnerabilities can be found in the NVIDIA GPU Display Driver – September 2020 security bulletin.

NVIDIA urges customers to update their GeForce, Quadro, NVS, and Tesla GPU display drivers, as well as Virtual GPU Manager and guest driver software by applying security updates available via the NVIDIA Driver Downloads page.

The company says that some users may receive Windows GPU display driver 456.41, 452.11, and 446.29 versions from their computer hardware vendors also bundling the security updates released today.

To find your NVIDIA GPU display driver’s version you can follow the procedure detailed here.

Enterprise users have to log into the NVIDIA Enterprise Application Hub to get the NVIDIA vGPU software updates via the NVIDIA Licensing Center.

Also Read: 10 Principles On How To Build A Good Governance Model

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us