Graphics drivers often get flak for compatibility issues and overzealous optimizations, but we rarely hear about security holes. There are exceptions for everything, though. Threatpost reports that a freshly discovered vulnerability in Nvidia's Display Driver Service "could hand over administrator privileges on Windows machines to an attacker."
UK security researcher Peter Winter-Smith posted the exploit to Pastebin earlier this week. He wrote up the following explanation, as well:
Here is an interesting exploit for a stack buffer overflow in the NVidia Display Driver Service. The service listens on a named pipe (\pipe\nsvr) which has a NULL DACL configured, which should mean that any logged on user or remote user in a domain context (Windows firewall/file sharing permitting) should be able to exploit this vulnerability. . . . The buffer overflow occurs as a result of a bad memmove operation.
(Curious-minded readers can check the Pastebin posting for more details.)
Apparently, Winter-Smith didn't tip Nvidia off before sharing the exploit publicly. That's because, he says, "The risk from this particular flaw being exploited was (is) sufficiently low that I didn't think it would warrant the wait." Quoting the researcher, Threatpost explains that the exploit mainly affects "domain-based machine[s]" with "relaxed firewall rules" and file sharing enabled.
Well, at least that part is reassuring, I guess. Here's hoping Nvidia addresses the problem soon. In the meantime, keep your firewalls up!