NVIDIA Releases Fix For Dangerous Display Driver Exploit

wiredmikey writes "NVIDIA on Saturday quietly released a driver update (version 310.90) that fixes a recently-uncovered security vulnerability in the NVIDIA Display Driver service (nvvsvc.exe). The vulnerability was disclosed on Christmas day by Peter Winter-Smith, a researcher from the U.K. According to Rapid7's HD Moore, the vulnerability allows a remote attacker with a valid domain account to gain super-user access to any desktop or laptop running the vulnerable service, and allows an attacker (or rogue user) with a low-privileged account to gain super-access to their own system. In addition to the security fix, driver version 310.90 addresses other bugs and brings performance increases for several games and applications for a number of GPUs including the GeForce 400/500/600 Series."

Re:Dangerous ? Nope.

[earlzdotnet]

The more I learn about the past of computing the more I'm convinced they only ever considered one failure mode: catastrophic.

ATI had an exploit too

[Billly+Gates]

Do we as geeks and IT professionals need to worry about this?

First it was the OS that got you owned. Then when Linux, Macosx, and NT/XP came it was about IE. IE 5.5 and 6 were instant targets. Then as that died off it was flash, java, and ODF addons.

Are video drivers next? Which never gets updated? The video drivers. Which has its own cpu, ram, and is never checked by AV? The video card. A reflash would be a nightmate.