Does NVIDIA Display Driver Service Make Your System Vulnerable?

[btarunr]

An [ethical?] hacker going by the Twitter handle @peterwintrsmith discovered a gaping security hole in NVIDIA's display driver service that allows ordinary local and remote users to gain administrator privileges in Windows. Mr. Winter-Smith posted a description and details of the exploit, in which he describes the NVIDIA Display Device server (NVVSVC) as listening on a pipe (a means by which different processes talk to each other) "\pipe\nsvr," which has an null/empty discretionary access control list (DACL, a security whitelist for users/groups), letting ordinary logged in local and remote users (firewall permitting, and the remote admin has a local account) to gain administrator rights to the system. In our opinion, the exploit is plausible, and could cut short winter breaks of a few in Santa Clara.



View at TechPowerUp Main Site

 

[tacosRcool]

So that means they need to fix it!

 

[Aquinus]

So that means they need to fix it!

The question is how long has it been there and should nVidia have fixed it (and found it,) before now. I think this is just another example of how drivers are never perfect and is another reason why people shouldn't bash AMD or nVidia for drivers that they've dumped a lot of time and effort into.

 

[PopcornMachine]

Those darn buggy NVIDIA drivers! When are they going to fix them?


Just kidding. It's a joke. Get it?

 

[Jack1n]

Does not sound legit.

 

[1c3d0g]

It might be plausible to exploit this, but come on:

...and the remote admin has a local account...

This alone tells me it would be extremely hard for a hacker to exploit this bug unless they've already infiltrated or otherwise compromised your network elsewhere.

 

[newtekie1]

So let me get this straight. For someone to exploit this vulnerability the following must be true:

1. The attacker mush know the username and password of an active local user account on the machine.
2. The firewall has to allow traffic in through whatever port the service is listening on.

You'd have to have a pretty shitty security setup already for this vulnerability to really affect you.

 

[W1zzard]

1) Put it in a legitimate download that runs on the user's local machine (without admin privileges).
2) Get the current username via code (very easy)
3) Run the exploit, BAM admin
4) Do evil things(tm)

 

[TheMailMan78]

1) Put it in a legitimate download that runs on the user's local machine (without admin privileges).
2) Get the current username via code (very easy)
3) Run the exploit, BAM admin
4) Do evil things(tm)

Number one would be the hard part I assume. Someone would have to knowingly allow such an exploit to be installed which would eliminate 99.99999% of legitimate downloads from companies.

Torrents........that's a different story.

 

[btarunr]

Number one would be the hard part I assume.

Make something like bronypics.exe, post it on a few adult bbs' and get a million users of your app in a day.

 

[Absolution]

A few week(s) after AMD announces a patch, nvidia leak is found by an ethical hacker. Maybe this guy was the one who alerted AMD privately..

AMD FANBOI

Make something like bronypics.exe, post it on a few adult bbs' and get a million users of your app in a day.

 

[Ferrum Master]

The Red empire strikes back? Who said our cards stutter? At least our ones are not full of germs

 

[KissSh0t]

The Red empire strikes back? Who said our cards stutter? At least our ones are not full of germs

Hohohohoho~

http://www.techpowerup.com/177540/A...-Feature-in-2013-Cites-Security-Concerns.html

 

[Krneki]

In 2012

In this day and age someone is still running a Windows system without a firewall/router?

In this case never mind the Nvidia/ATI shitty drivers, he is already a zombie (botnet).

 

[mediasorcerer]

Doesn't sound like that much of a worry.

 

[Deleted member 3]

1) Put it in a legitimate download that runs on the user's local machine (without admin privileges).
2) Get the current username via code (very easy)
3) Run the exploit, BAM admin
4) Do evil things(tm)

So basically... don't download gpu-z and other software form here until it's fixed.

 

[Aquinus]

So basically... don't download gpu-z and other software form here until it's fixed.

Hah! Dan has seen through your devious plan, W1z.

 

[Katanai]

Fear, uncertainty and doubt (FUD), is a tactic used in sales, marketing, public relations, politics and propaganda.

FUD is generally a strategic attempt to influence perception by disseminating negative and dubious or false information. An individual firm, for example, might use FUD to invite unfavorable opinions and speculation about a competitor's product; to increase the general estimation of switching costs among current customers; or to maintain leverage over a current business partner who could potentially become a rival.

The term originated to describe disinformation tactics in the computer hardware industry but has since been used more broadly.

 

[W1zzard]

There is no FUD in this. In half a day every half decent programmer can write some code that exploits the vulnerability. With probably no antivirus catching it.

 

[Ferrum Master]

There is no FUD in this. In half a day every half decent programmer can write some code that exploits the vulnerability. With probably no antivirus catching it.

The problem is always figuring out how to make a safe profit

 

[Steevo]

Number one would be the hard part I assume. Someone would have to knowingly allow such an exploit to be installed which would eliminate 99.99999% of legitimate downloads from companies.

Torrents........that's a different story.

Drive by downloads, or java exploit, need I say more.

Wait

And browser hijack redirects.


I'm growing a beard™, so I am safe.

 

[Fluffmeister]

The exploit mainly affects "domain-based machine" with "relaxed firewall rules" and file sharing enabled.

Oh noes!

 

[newconroer]

In this day and age someone is still running a Windows system without a firewall/router?

In this case never mind the Nvidia/ATI shitty drivers, he is already a zombie (botnet).

Don't you have that the other way around? What normal home network uses Windows firewall or any soft-firewall for that matter?
And if a commercial network already has infiltration to the backdoor level *as is required for this to be an issue* then who cares, you're in trouble already.

Sounds like this guy is turning a molehill into a mountain just to get some press.

Drive by downloads, or java exploit, need I say more.

Wait

And browser hijack redirects.


I'm growing a beard™, so I am safe.

A) Hosts files
B) Don't visit shady websites/open shady email attachments
C) Take control/concern with your Active X and Java
D) All remote registry services disabled (until the time of requirement/access needed)

Statistically impossible for you to get a blown virus. About the worst you may encounter is a sneaky bit of malware that slipped in through browser controls and all it does is snoop or redirect you to paysites.

 

[Fluffmeister]

310.90 WHQL Released, includes update fixing this issue.

http://www.geforce.com/drivers/results/55026