NVIDIA has resolved a security vulnerability in GeForce Experience for Windows, and users are recommended to install the latest version as soon as possible.
The vulnerability, which has been assigned CVE‑2019‑5702, affects all versions of NVIDIA’s companion software for Windows prior to 3.20.2. To patch the flaw, users must install NVIDIA Geforce Experience 3.20.2.
NVIDIA says the bug can enable an attacker to corrupt a system file, which would then allow for denial of service or escalation of privilege. With a complex attack, a malicious actor can obtain administrator privileges, eventually being able to deploy additional payloads on a compromised device.
“NVIDIA GeForce Experience contains a vulnerability when GameStream is enabled in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges,” NVIDIA explains in an advisory.
“Earlier software branch releases that support this product is also affected. If you are using an earlier branch release, upgrade to the latest branch release.”
All Windows versions affected
The vulnerability also affects all versions of Windows where NVIDIA’s software is installed, including here Windows 7 and Windows 10. All Windows 10 versions are exposed, including the November 2019 Update, as long as an unpatched build of NVIDIA GeForce Experience is running on the device.
Worth noting is that exploiting this vulnerability requires “local system access,” as NVIDIA explains in its security advisory, so taking advantage of the bug remotely isn’t possible.
NVIDIA GeForce Experience 220.127.116.11 also introduces other improvements in addition to the security patch, such as newly-optimizing games, like Call of Duty: Modern Warfare, Red Dead Redemption 2, and Need for Speed Heat. Additional bug fixes, including for some games failing to launch, are also part of this release.
You can check out the entire changelog on Softpedia here.