NVIDIA releases new GeForce drivers to fix security exploit

It's rare that a graphics card driver gets an update that fixes something related to security, but that's just what NVIDIA did on Saturday. The company now has a new version of its GeForce-based drivers available that were pushed out to fix an exploit that could be used for nefarious purposes.

The drivers, which have the version number of 310.90, are now available for download at the company's site. Officially, the release notes state that the new version "adds a security update for the NVIDIA Display Driver service (nvvsvc.exe)." The notes don't mention that the drivers were updated to fix an exploit that was discovered by a UK researcher, which he disclosed on Christmas Day.

The security hole, if left unattended, could allow hackers who have a valid domain account to gain super-user access to any PC that has the old version of the Display Driver service installed. This new update has gone through Microsoft's WHQL certification service, so this is not a beta release designed to quickly fix an issue but an official driver version that everyone with an NVIDIA GeForce graphics card should download.

In addition to fixing the exploit, the new 310.90 version also has a number of performance improvements for many PC games, including Call of Duty: Black Ops 2 and Assassin's Creed III.

Source: NVIDIA | Image via NVIDIA
Via: Hot Hardware

Report a problem with article
Previous Story

Google+ gaining traction, may soon rule the world

Next Story

Interview: We chat with the creator of the new Windows 8 LCARS app


Commenting is disabled on this article.

got the popup on saturday but another 170MB download at the weekend isnt good for me (ISP throttling) so haven't installed yet
Since Its a security update, think Ill go do it now xD

Guth said,
AOL? discs?

Well, back in the day, this huge evil company called "aol" used to distribute free coasters in just about every known printed magazine in circulation.

This is a multi-version WHQL driver as well - it covers all versions of Windows from Vista forward. The issue could only be in a particular OS (Windows 7, for example) - however, this isn't the first multi-OS driver release to address a single-OS-specific issue; didn't both AMD and nVidia introduce multi-version WHQL drivers (Vista/7/8) to address primarily Windows 7-specific issue (that didn't happen with either Vista or 8)? Did the security company say whether the exploit works in multiple Windows OSes?

I'm sorry, but I don't remember (maybe I have a memory problem lol) drivers having security problems...

I mean I could understand finger scanners, or other biometric system, but graphics security problems?

The only obvious way in which someone could get remotely exploit a graphics driver bug would be through WebGL, but of course when Microsoft said that it could be a security problem, people said that there won't be any security bugs in the drivers to exploit so it can't be that.

The release notes indicate that the vulnerability was in the service which interacts with the driver, not the driver itself. Drivers are isolated under the new model but the background processes installed alongside them (if any) are not. This is a potential weak point but only if the background process has flaws that allow it to receive and execute malicious commands sent to the driver.

Nas said,
The previous major release, 310.70 that I downloaded pre-Xmas, was also WHQL.
They probably weren't expecting to release anything but since they fixed the security issue decided to also adds a few quick improvements and re-certify.