In company video card software NVIDIA showed up vulnerability that allows attackers to increase their privileges in the system and take control of a computer.
This is about NVIDIA GeForce Experience (GFE). As it turned out, a convenient tool can be used not only to set up “green” video cards, but also to gain access to the OS. The vulnerability is CVE-2019-5702 and allows attackers to take control of the system.
To use this gap, you need local access to the computer or the launch of malicious code on it. It is noted that the problem affects all versions of the driver in recent years. In the current version of Experience 3.20.2.34, the problem has already been fixed, therefore it is recommended to be installed first.
At the same time, we note that similar gaps were discovered earlier, so it’s premature to talk about the safety of new and old NVIDIA drivers.