NVIDIA has released a GPU display driver security update today, February 28, 2020, that fixes high and medium severity vulnerabilities that might lead to code execution, local escalation of privileges, information disclosure, and denial of service on unpatched Windows computers.
All GPU display driver security flaws patched today by NVIDIA require local user access which means that attackers will not be able to exploit them remotely but, instead, will need to first get a foothold on the system to execute exploit code targeting one the fixed bugs.
While these security flaws require would-be attackers to have local user access, they can also be abused via malicious tools remotely dropped on systems running vulnerable NVIDIA GPU display drivers.
Today's security updates also fix one high severity and two medium severity flaws in the NVIDIA Virtual GPU Manager and the NVIDIA vGPU graphics driver for guest OS that could lead to denial of service states when triggered.
NVIDIA advises all customers to patch their GeForce, Quadro, NVS, and Tesla Windows GPU display drivers by applying the security update available on the NVIDIA Driver Downloads page.
Enterprise NVIDIA vGPU software users will have to log into the NVIDIA Enterprise Application Hub to get the updates from the NVIDIA Licensing Center.
To find out which NVIDIA display driver version you currently have installed on your computer you can follow the detailed procedure detailed here.