NVIDIA has released a security update for the application Windows GeForce Now cloud gaming to address a vulnerability that could allow attackers to execute arbitrary code or escalate privileges on systems running vulnerable software.
GeForce Now is one service streaming παιχνιδιών που βασίζεται στο cloud και επιτρέπει σε χρήστες 80 χωρών με συνδρομητικές subscriptions stream free games or games they have, in real time, from a library of hundreds of titles hosted on NVIDIA's servers.
NVIDIA's cloud gaming service can be used by customers who have Appliances NVIDIA Shield, επιτραπέζιους υπολογιστές (macOS, Microsoft Windows και ChromeOS) or mobile devices (Android) through special applications.
NVIDIA has now fixed a high-vulnerability (CVE - 2020‑5992) on all versions of Windows GeForce Now to prevent local intruders from gaining privileges or executing code after successful exploitation.
The vulnerability was reported by Qihoo 360 CERT Hou JingYi and was found in the OpenSSL library, one of the GeForce Now open source software kits.
While this flaw requires attackers to have local user access and thus can not be exploited remotely, it can still be abused using malware developed on systems running vulnerable versions of applications, NVIDIA explains in a published security tip. today.
CVE IDs | Description | Base Score | Vector |
---|---|---|---|
CVE ‑ 2020‑5992 | NVIDIA GeForce NOW application software on Windows contains a vulnerability in its open-source software dependency in which the OpenSSL library is vulnerable to binary planting attacks by a local user, which may lead to code execution or escalation of privileges. | 7.3 | AV: L / AC: L / PR: L / UI: R / S: U / C: H / I: H / A: H |
The attacks that will exploit this flaw are of low complexity and require low privileges that provide basic user capabilities.
Fortunately, any attacks designed to exploit the CVE - 2020‑5992 vulnerability also require user interaction before a successful exploit.
To apply the security update and protect your system, you need to open the Windows GeForce Now application to download it automatically, and then follow the instructions to install it (the application requires administrator privileges to update itself).
If you can not run the application as an administrator, you can update it manually by removing it using these instructions and then install the latest version (ie 2.0.25.119).