NVIDIA said that it would patch a driver exploit disclosed by a researcher on Christmas Day, which allows an attacker to gain super-user access to any desktop or laptop running the vulnerable software.
Last week, SecurityWeek covered the disclosure from Peter Winter-Smith, a researcher from the U.K., who published details about an interesting exploit he discovered within the NVIDIA Display Driver Service.
“The service listens on a named pipe (pipensvr) which has a NULL DACL configured, which should mean that any logged on user or remote user in a domain context (Windows firewall/file sharing permitting) should be able to exploit this vulnerability,” he Winter-Smith wrote.
“The NVidia vulnerability identified by Peter Winter-Smith is a serious risk to any organization using these drivers on enterprise systems,” HD Moore, CSO at Rapid7 and Chief Architect for Metasploit told SecurityWeek at the time. “The vulnerability allows a remote attacker with a valid domain account to gain super-user access to any desktop or laptop running the vulnerable service.”
“This flaw also allows an attacker (or rogue user) with a low-privileged account to gain super-access to their own system, but the real risk to enterprises is the remote vector,” Moore added.
An NVIDIA spokesperson told SecurityWeek that they will post a driver update this weekend to address the issue.
“NVIDIA takes security seriously and our plan is to post a driver update this weekend,” NVIDIA said. “In the interim, to maintain a secure environment, we recommend use of firewalls or disabling Windows file sharing services, in addition to maintaining up-to-date anti-virus software, applying vendor supplied patches, and not running software from untrusted sources.”
The spokesperson said users should check geforce.com where its drivers are posted.