NVIDIA has released a security update for the Windows GeForce Now cloud gaming application to address a vulnerability that could allow intruders to execute arbitrary code or escalate privileges on systems that use vulnerable software.
GeForce Now is a cloud-based gaming streaming service that allows subscribers in 80 countries to stream free games or games they have, in real time, from a library of hundreds of titles hosted on NVIDIA servers.
NVIDIA cloud gaming service can be used by customers with NVIDIA Shield devices, desktops (macOS, Microsoft Windows and ChromeOS) or mobile devices (Android) through special applications.
NVIDIA has now fixed a high-vulnerability (CVE - 2020‑5992) on all versions of Windows GeForce Now to prevent local intruders from gaining privileges or executing code after successful exploitation.
The vulnerability was reported by Qihoo 360 CERT Hou JingYi and was found in the OpenSSL library, one of the GeForce Now open source software kits.
While this flaw requires attackers to have local user access and thus can not be exploited remotely, it can still be abused using malware developed on systems running vulnerable versions of applications, NVIDIA explains in a published security tip. today.
|CVE IDs||Description||Base Score||Vector|
|CVE ‑ 2020‑5992||NVIDIA GeForce NOW application software on Windows contains a vulnerability in its open-source software dependency in which the OpenSSL library is vulnerable to binary planting attacks by a local user, which may lead to code execution or escalation of privileges.||7.3||AV: L / AC: L / PR: L / UI: R / S: U / C: H / I: H / A: H|
Attacks that take advantage of this error are of low complexity and require low privileges that provide basic user capabilities.
Fortunately, any attacks designed to exploit the CVE - 2020‑5992 vulnerability also require user interaction before a successful exploit.
To apply the security update and protect your system, you need to open the Windows GeForce Now application to download it automatically, and then follow the instructions to install it (the application requires administrator privileges to update itself).
If you can not run the application as an administrator, you can update it manually by removing it using these instructions and then install the latest version (ie 220.127.116.11).