NVIDIA has warned Windows users to update their GPU drivers as soon as possible, as the latest versions fix five serious security vulnerabilities. At least five vulnerabilities were found in drivers for NVIDIA GeForce, NVS, Quadro and Tesla accelerators for Windows, three of which are high-severity and, if the update is not installed, could lead to the following types of attacks: local execution of malicious code; refusal to service the received request; software privilege escalation.
Interestingly, in May NVIDIA three vulnerabilities in their drivers that led to attacks such as denial of service and privilege escalation. In his On Security Issues, NVIDIA has strongly urged users of its products to download and install the available driver updates.
However, these vulnerabilities are somewhat mitigated by the fact that they cannot be exploited remotely, and in order to exploit them, attackers need local access to the user's PC. All issues relate to Microsoft OS: Windows 7, Windows 8, Windows 8.1, and Windows 10. The biggest vulnerability lies in the trace logging tool component of the driver. Another vulnerability lies in the DirectX driver itself, which allows the execution of malicious code using a special shader.
Fixed drivers for GeForce GPUs include versions 431.60 and higher; for Quadro - starting at 431.70, 426.00, 392.56, as well as R400 series drivers from August 19 and up. Finally, Windows drivers of all versions of R418 released after August 12th are safe for Tesla.
Source: 3dnews.ru