NVIDIA Patches Security Issues in GPU Display Driver for Windows, Linux February 25, 2019 https://www.bleepingcomputer.com/ne...sues-in-gpu-display-driver-for-windows-linux/
Sounds spooky Update your drivers boys I'm using latest non-beta 1809 build, 17763.316, and ddu doesn't work for me, on a clean install of windows 10 it refuses to do anything and closes by itself, according to the forums https://www.wagnardsoft.com/forums/viewtopic.php?f=5&t=1490&sid=e40353c88c57d037001e2c9dadd55f3a they say any version above 17763.55 (three digits) is not guaranteed to work, so I guess for now I'll stick with the control panel uninstall and my collection of uninstallers that each bring something to the table when it comes to uninstalling You have to open nvidia's big pdf file to find changes, they just say "Provides the optimal gaming experience for Anthem and DiRT Rally 2.0" in the short changelog, you'd never know there's so many changes both performance-wise and security-wise without opening their big pdf file https://us.download.nvidia.com/Windows/419.17/419.17-win10-win8-win7-desktop-release-notes.pdf Even worse they release a new driver every 2 weeks or so, sometimes even less, last 4 drivers were 15 jan, 4, 13, 22 feb
Sergiu Gatlan writes, "While all these software flaws require local user access and cannot be exploited remotely, attackers could take advantage of them by remotely planting malicious tools through various means on a system running a vulnerable NVIDIA GPU Display Driver." How can those vulnerabilities as mentioned in NVIDIA Security Bulletin 4772 be exploited remotely, as Sergiu Gatlan seems to claim, if all are AV:L (Attack Vector:Local)? Isn't the definition of AV:L that it is only exploitable with local access? As all vulnerabilities mentioned in NVIDIA Security Bulletin 4772 have vectors AV:L, I don't see any difference with any previous NVIDIA vulnerabilities with vector AV:L. Where Sergiu Gatlan writes "attackers could take advantage of them by remotely planting malicious tools through various means", does he mean by other (non NVIDIA) vulnerabilities? If so - yeah, but that is true for any other AV:L vulnerability, of course. It doesn't make it any more scarier than any other AV:L vulnerability.
Well, even despite wondering about actual risks to the average user, I went ahead and DDU'd in safe mode (thank goodness, for me DDU works well, I used version 18.0.0.9 running Windows 10 v. 1809 17763.316) and regained about 2 additional GB of disk space from removal of other NVIDIA junk besides the driver. So far the driver 419.17 seems to be OK, especially with startup. So far. Usually, I keep one or two versions behind the latest, more out of really disliking installing this driver and all the junk removal and telemetry-disabling afterward. Maybe the above DDU version is more suitable for Windows v.1809 now? Edit: Oh I see where, on the webpage, it's stated it's at your own risk for higher than 17763.xx. Thanks, Floyd57
Nvidia Warns Windows Gamers on GPU Driver Flaws May 10, 2019 https://threatpost.com/nvidia-windows-gamers-gpu-flaws/144595/
NVIDIA Patches High Severity Flaws in Windows GPU Display Driver August 2, 2019 https://www.bleepingcomputer.com/ne...severity-flaws-in-windows-gpu-display-driver/ NVIDIA: Security Bulletin: NVIDIA GPU Display Driver - August 2019
NVIDIA Fixes Security Flaws in GPU Driver, GeForce Experience November 6, 2019 https://www.bleepingcomputer.com/ne...urity-flaws-in-gpu-driver-geforce-experience/ NVIDIA: Security Bulletin: NVIDIA GPU Display Driver - November 2019 Security Bulletin: NVIDIA GeForce Experience - November 2019
NVIDIA Fixes High Severity Flaw in Windows GPU Display Driver February 28, 2020 https://www.bleepingcomputer.com/ne...-severity-flaw-in-windows-gpu-display-driver/ NVIDIA: Security Bulletin: NVIDIA GPU Display Driver - February 2020
NVIDIA patches high severity flaws in Windows, Linux drivers June 24, 2020 https://www.bleepingcomputer.com/ne...high-severity-flaws-in-windows-linux-drivers/ NVIDIA: Security Bulletin: NVIDIA GPU Display Driver - June 2020
Use an NVIDIA GPU? Check whether you need security updates October 1, 2020 https://www.helpnetsecurity.com/2020/10/01/nvidia-gpu-security-updates/ NVIDIA: Security Bulletin: NVIDIA GPU Display Driver - September 2020 Cisco Talos: Vulnerability Spotlight: Remote code execution bugs in NVIDIA D3D10 driver Pen Test Partners: DLL Hijacking in NVIDIA SMI
Nvidia Warns Windows Gamers of High-Severity Graphics Driver Flaws In all, Nvidia patched flaws tied to 16 CVEs across its graphics drivers and vGPU software, in its first security update of 2021. January 7, 2021 https://threatpost.com/nvidia-windows-gamers-graphics-driver-flaws/162857/ NVIDIA: Security Bulletin: NVIDIA GPU Display Driver - January 2021
Nvidia Warns: Severe Security Bugs in GPU Driver, vGPU Software The gaming- and AI-friendly graphics accelerators can open the door to a range of cyberattacks. April 26, 2021 https://threatpost.com/nvidia-security-bugs-gpu-vgpu/165597/ NVIDIA: Security Bulletin: NVIDIA GPU Display Driver - April 2021
