In case you haven’t updated to Nvidia’s latest GeForce Experience version, now is the time to do so. If you’re still on anything older than version 3.27.0.112, your PC could be wide open to certain cybersecurity risks, with the potential for hackers to gain access to your PC via your outdated GeForce Experience software.
The vulnerabilities, as described by the Nvidia development team in a security bulletin (opens in new tab) (via Hardware Info (opens in new tab)), include “code execution, information disclosure, data tampering, and denial of service.”
Discovered by Minse Kim of Korea University’s DNSLab, there are three main attack methods that older GeForce Experience versions leaves users open to. The one that scores highest on the vulnerability scale would involve the user initialising the GeForce Experience install from a compromised directory. Looks like they had to have accidentally deleted something from the install folder first, though. So although it’s probably a rare occurrence, it can lead to some serious data tampering.
The second vulnerability would see the hackers using the installer to do their nefarious bidding.
“GeForce Experience contains an uncontrolled search path vulnerability in all its client installers,” the bulletin says. In order to exploit this, the hackers would need to have already gained user level privileges, allowing them to use the installer to load an arbitrary DLL. That would allow them to escalate their privileges and execute whatever code they fancied on your PC.
Last but not least, the “NVContainer component” vulnerability would allow a hacker with user level privileges to create a “symbolic link” to a file that needs admin privileges, and sneakily give them an escalation of privilege, opening a window for “denial of service, or limited data tampering.” That means removing your access and messing with your machine while you’re left to figure out what the heck is going on.
For a software tasked with keeping your graphics card working—i.e. one of the most important softwares on your gaming PC (opens in new tab)—you’d think we wouldn’t have to deal with this. But as many of us will know, software development is never as straightforward as we’d like it to be.
Hackers are constantly evolving, so make sure to keep your software up to date.