NVIDIA Releases GeForce Experience App Update Which Fixes a Severe Flaw

• NVIDIA fixes a severe vulnerability in the GeForce companion app, which leads to privilege escalation and DoS.
• The actor would require local system access to carry out an attack, but otherwise, it would be pretty simple.
• Users would be preferable downloading and installing their GPU drivers manually instead of using the app.

NVIDIA has just released a security update for the GeForce Experience application for Windows, fixing a DoS-triggering vulnerability which also involves “privilege escalation” potential. NVIDIA clarified that both of these flaws would require local user access for their exploitation, yet they are considered severe so plugging them was very important. Moreover, taking advantage of the flaws wouldn’t require a sophisticated attack, wouldn’t need admin privileges, and would presuppose no user interaction whatsoever. All things considered, the CVE-2019-5702 was given a criticality score of 8.4 according to the CVSS v3 standard of classification.

As NVIDIA states on the relevant security bulletin, the particular vulnerability arises when GameStream activates, enabling an attacker with local system access to corrupt a system file. This corruption can potentially lead to a denial of service condition or the escalation of privileges. The affected versions of the application are all prior to 3.20.2, so everyone is advised to apply the latest patch that came out yesterday, updating to 3.20.2.34 or later. Thankfully, the process of retrieving the patch and applying the update is automated in the GeForce Experience app, so all that you’ll have to do it to launch it.

The NVIDIA GeForce Experience application for Windows is meant to aid users to keep their graphics card drivers up to date. Besides that, it enables people to run individual game titles on specific setting profiles, record and share gameplay videos, optimize the playing experience, and personalize the gameplay through the application of post-processing filters. Finally, it offers a “game news” section and lets users take part in giveaways through the app. However, none of the above is utterly necessary, as one can always grab the latest driver update from NVIDIA’s website and install it manually.

The NVIDIA GeForce Experience is just an additional susceptibility that some like to live with thanks to the conveniences that it brings. Back in June, we discussed the suite being vulnerable to arbitrary code execution and privilege escalation attacks, so this is not the first time that gamers had to deal with attack surfaces introduced by their GPU companion software. Of course, everything that we use is potentially risky, so using only the absolutely necessary would be the ideal approach, and the GeForce Experience isn’t fitting in it.

Are you using the NVIDIA GeForce Experience tool, or do you download and install your drivers manually? Let us know where you stand in the comments down below, or on our socials, on Facebook and Twitter.