Do you have an NVIDIA graphics card on your PC

Odds are pretty good that you do because they are everywhere. Be aware that the company recently released a security update. It patches a number of high severity vulnerabilities in the Windows GPU display driver that could allow a hacker to gain complete control over your system via escalation of privileges.

If there's a silver lining to be found in the announcement, it lies in the fact that all of the security flaws NVIDIA addressed require local access to exploit. So a hacker would first have to establish a beachhead on your system before exploiting the flaws. Even so, for a determined hacker, that's not much of an impediment, so patching the system should be considered a priority.

Here's a quick overview of the issues the latest patch addresses

  • CVE-2020-5979 - This is a flaw in the Control Panel component where the user is presented with a dialog box for input by a high-privilege process, which may lead to escalation of privileges.
  • CVE-2020-5980 - This issue arises from the fact that there are multiple components in which a securely loaded system DLL will load its dependencies in an insecure fashion, which may lead to code execution or denial of service.
  • CVE-2020-5981 - The Windows GPU Display Driver contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), in which a specially crafted shader can cause an out of bounds access, which may lead to denial of service.
  • CVE-2020-5982 - which is an issue in the Windows GPU Display Driver's kernel mode layer (nvlddmkm.sys) scheduler, in which the software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests, which may lead to denial of service.

The first three are all scored 7.8 out of 10 in terms of severity, while the last one is scored 4.4 because it's somewhat harder for a hacker to exploit.

Our perspective

In any case, these are all serious issues that put your system at risk, so be sure your team knows to make installing the latest patch from NVIDIA a priority. It's always better to be safe than sorry.

~ As Hill Street Blues' Sgt. Esterhaus always advised: "Hey, let's be careful out there! " ~

 

By Denis Wilson and Melissa Stockwell

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can also find me on LinkedIn, Facebook, and Twitter.

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT SupportI'm Denis Wilson, President and Principal Consultant for DWP Information Architects. We build people/process/technology solutions to create better business outcomes for smaller enterprises in Los Angeles. We have created cost-effective office productivity and out-sourced service solutions for over 20 years, focusing principally on manufacturing, professional services, and healthcare.  Our hallmarks are cloud and on-premises network reliability, cost-effective cybersecurity, and livable small business regulatory compliance.

I am also a published author and speaker, working extensively with business and professional associations to provide small business technology education programs. Contact me if you would like me to speak at your association