Updated:08:17 AM EDT Aug 22


this is ggmania.com subsite NVIDIA Issues Warning to Upgrade Drivers Due to Security Patches - TechAmok

TOP STORIES

HEADLINES

Windows 10 20H1 major improvements revealed
Slipknot - Gun Cover!
10-Second Video Of A Mom Embarrassing Her Daughter
Lock Picker Bypasses Popular Security System With $2 Device
NVIDIA Issues Warning to Upgrade Drivers Due to Security Patches
20 Awesome Tricks with WD-40
Slipknot - Solway Firth [OFFICIAL VIDEO]
Japan-Korea Trade Spat and Toshiba Blackout Hike DRAM Prices by 20%
3 FROM HELL Official Trailer (2019) Rob Zombies, Horror Movie
25 million Android devices get infected
Ryzen 9 3900X & Ryzen 7 3700X Review
3-Second Video Of A Cat Jumping Over A Gate
Emily Ratajkowski Dancing GIF
Fast & Furious Presents: Hobbs & Shaw - Final Trailer
Intel to Cut Prices of its Desktop Processors by 15%
Succubus Trailer
DXR Tech Demo
Terminator: Dark Fate - Official Teaser Trailer (2019)

NVIDIA Fixes GeForce 436.02 Installer
Dove Cameron Looks Awesome
Underwater - Official Trailer
A Dude Getting Pranked By Skillful Turkish Ice Cream Scooper
Why Jurassic Park Looks Better Than Its Sequels
Microsoft App Brings Spam Filter, AI Sorting to Your Text Messages
Apple is planning to launch Apple TV+ by November at $9.99 per month
Apple Card is now available + 3% cash back for Uber / Uber Food
WD announces a 12TB external HDD
NVIDIA GeForce 436.02 WHQL driver
Marvel's Avengers Gameplay Video
Modern Warfare - Official GeForce RTX Ray Tracing Reveal Trailer
Madison Beer Staring Into The Camera
Google Drive will introduce long-asked-for file shortcuts feature
New Attack exploiting serious Bluetooth weakness
YouTube Originals will be free beginning Sept 24 to non-paying users
Dave Chappelle Netflix Standup Comedy Special Trailer
Botanist Rescues Abandoned Coyote Pup

NVIDIA Issues Warning to Upgrade Drivers Due to Security Patches - [briefly]
05:35 AM EDT - Aug,05 2019 - post a comment

NVIDIA has found a total of five security vulnerabilities with its Windows drivers for GeForce, Quadro and Tesla lineup of graphics cards. These new security risks are labeled as very dangerous and have the potential to cause local code execution, denial of service, or escalation of privileges, unless the system is updated. Users are advised to update their Windows drivers as soon as possible in order to stay secure and avoid all of these vulnerabilities, so be sure to check your drivers for latest version. Exploits are only accessible on Windows based OSes, starting from Windows 7 to Windows 10.

However, one fact that is easing this situation is that in order to exploit a system, attacker must have local access to the machine that is running NVIDIA GPU, as remote exploit can not happen. Bellow are the tables provided by NVIDIA that show type of exploit along with rating it carries and which driver versions are affected. There are no mitigations for this exploit, as driver update is the only available solution to secure the system.

he vulnerabilities are rated using CVSS V3 base scoring system and they are arranged as following:
  • CVE-2019-5683 - Most dangerous of all the vulnerabilities. This exploits uses driver's trace logger weakness to create hard links, that software does not check. Attacker could create any link without getting warned by the system and force local code execution, denial of service or escalation of privileges. Rated with a score of 8.8.
  • CVE-2019-5684 - Vulnerability which uses carefully crafted shaders in order to cause out of bounds access to input texture array, possibly leading to denial of service or code execution. Rated with a score of 7.8
  • CVE-2019-5685 - Vulnerability which also uses carefully crafted shaders in order to cause out of bounds access to shader local temporary array, possibly leading to denial of service or code execution as well. Rated with a score of 7.8
  • CVE-2019-5686 - Vulnerability hidden in kernel mode layer handler for DxgkDdiEscape, which uses different data structures and DirectX API functions that are not always valid, leading to denial of service if the API function or data structure is incorrect. Rated with a score of 5.6.
  • CVE-2019-5687 - Least dangerous exploit of all five. It is also a problem in kernel model layer handler for DxgkDdiEscape, which may put system at risk if incorrect default permissions are used for an object. This can lead to information disclosure or denial of service. Rated with a score of 5.2.

Short overview of recent news articles

Aug,16 2019 Apple reportedly locking out unauthorized battery replacement
Aug,16 2019 Certified Drivers Apparently Unsafe
Aug,15 2019 AA tells airlines MacBook Pros with defective batteries can't fly
Aug,14 2019 Star Wars Resistance Season 2 - Trailer (Official)
Aug,13 2019 The World's Tallest Water Slide Was a Terrible, Tragic Idea
Aug,13 2019 Miley Cyrus Works Her Booty In A Thong Bikini
Aug,13 2019 New Samsung Camera Sensor for Phones: 108-MP Photos, 6K Videos
Aug,13 2019 Apple Expands Student ID Support in Apple Wallet
Aug,12 2019 Intel "Tiger Lake" Supports PCIe Gen 4
Aug,12 2019 AMD Releases Radeon Software Adrenalin 19.8.1 Drivers
Aug,12 2019 Free to play Angry Birds Friends available now
Aug,12 2019 Huawei Harmony OS OFFICIAL - Enter The NEW ERA!
Aug,11 2019 Windows 10 20H1 major improvements revealed
Aug,11 2019 Slipknot - Gun Cover!
Aug,10 2019 RUNNING WITH THE DEVIL Trailer (2019) Nicolas Cage Movie
Aug,10 2019 10-Second Video Of A Mom Embarrassing Her Daughter
Aug,10 2019 How They Made Me Look 23 in Gemini Man
Aug,09 2019 Samsung announces the PM1733 PCIe 4.0
Aug,09 2019 All Four Top US Carriers to Offer 5G Note10, with Varying Band
Aug,09 2019 Apple Offers Rewards up to $1 Million for iPhone Vulnerabilities
Aug,09 2019 Telegram 5.10 released with silent messages
Aug,08 2019 Lock Picker Bypasses Popular Security System With $2 Device
Aug,08 2019 Some pro hide and seek video
Aug,07 2019 Samsung Note10 Comes in Two Sizes
Aug,07 2019 Samsung Galaxy Watch Active2 Gains LTE, Touch Bezel, New Sizes
>> News Archive <<

TechAmok - Privacy Policy        loading time:0secs