Security News NVIDIA GeForce Experience Software Security Updates for Multiple Vulnerabilities When GameStream is Enabled

LASER_oneXM

Updated 08/30/2018 11:55 AM

NVIDIA GeForce Experience contains vulnerabilities when GameStream is enabled which may lead to escalation of privileges, denial of service, or information disclosure.

Vulnerability Details
The following sections summarize the potential vulnerabilities. Descriptions use CWE™ and risk assessments follow the CVSS V3 standard.

CVE-2018-6257

NVIDIA GeForce Experience contains a potential vulnerability when GameStream is enabled where improper access control may lead to a denial of service, escalation of privileges, or both.

CVSS V3 Base Score: 8.8
CVSS V3 Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVE-2018-6258

NVIDIA GeForce Experience contains a potential vulnerability during GameStream installation where an attacker who has system access can potentially conduct a Man-in-the-Middle (MitM) attack to obtain sensitive information.

CVSS V3 Base Score: 7.7
CVSS V3 Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:H

CVE-2018-6259

NVIDIA GeForce Experience contains a potential vulnerability when GameStream is enabled, an attacker has system access, and certain system features are enabled, where limited information disclosure may be possible.
 
I don't need the extra sauce, so for about two years I have been using this little program only to update my NVIDIA drivers:

ElPumpo/TinyNvidiaUpdateChecker

Moreover, as ForgottenSeer 58943 said, I go inside autorun and disable the telemetry scheduled tasks that the program sets.

One day I happened to throw a debugger at it and saw NVIDIA always calling home; when I saw the content of the string, I decided to find a way. :ROFLMAO:

I am sure they have many more surprises... :p