Graphics drivers often get flak for compatibility issues and overzealous optimizations, but we rarely hear about security holes. There are exceptions for everything, though. Threatpost reports that a freshly discovered vulnerability in Nvidia's Display Driver Service "could hand over administrator privileges on Windows machines to an attacker."
UK security researcher Peter Winter-Smith posted the exploit to Pastebin earlier this week. He wrote up the following explanation, as well:
Here is an interesting exploit for a stack buffer overflow in the NVidia Display Driver Service. The service listens on a named pipe (\pipe\nsvr) which has a NULL DACL configured, which should mean that any logged on user or remote user in a domain context (Windows firewall/file sharing permitting) should be able to exploit this vulnerability. . . . The buffer overflow occurs as a result of a bad memmove operation.
(Curious-minded readers can check the Pastebin posting for more details.)
Apparently, Winter-Smith didn't tip Nvidia off before sharing the exploit publicly. That's because, he says, "The risk from this particular flaw being exploited was (is) sufficiently low that I didn't think it would warrant the wait." Quoting the researcher, Threatpost explains that the exploit mainly affects "domain-based machine[s]" with "relaxed firewall rules" and file sharing enabled.
Well, at least that part is reassuring, I guess. Here's hoping Nvidia addresses the problem soon. In the meantime, keep your firewalls up!
|1. BIF - $340||2. Ryu Connor - $250||3. mbutrovich - $250|
|4. YetAnotherGeek2 - $200||5. End User - $150||6. Captain Ned - $100|
|7. Anonymous Gerbil - $100||8. Bill Door - $100||9. ericfulmer - $100|
|10. dkanter - $100|
|Toshiba expands its budget SSD lineup with its OCZ TL100||5|
|Rumor: Nvidia and Apple may reunite for future Mac GPUs||13|
|Razer Deathadder sheds Chroma skin to achieve Elite status||11|
|Microsoft locks down Edge with virtualization in Win10 Enterprise||15|
|X2 Siryus case maintains a constant 45 degrees||15|
|NZXT joins the tempered-glass party with the S340 Elite||15|
|Lenovo lays off another round of Motorola employees||22|
|EVGA's liquid-cooled GTX 1070 Hybrid card goes up for pre-order||17|
|Google Play Store doors are now open for a few Chrome OS devices||8|