NVIDIA Releases Update For Critical GeForce Experience Security Flaw, Patch Now
Quick, sound the alarms, GeForce Experience
is fatally flawed and we're all doomed. DOOMED, I tell you! Just kidding (I may have had too much coffee this morning)—the flaw is not fatal, and we're not doomed. However, NVIDIA
really is pushing out a security update to patch a vulnerability in GeForce Experience that could otherwise lead to a denial of service (DoS) attack or escalation of privileges.
Scary stuff, right? Normally those consequences would be cause for grave concern, but in this case, a potential attacker would need local access to your machine. The exploit itself can't be triggered remotely, in other words. Even so, it is considered a high severity security threat with a CVSS (Common Vulnerability Scoring System) V3 base score of 8.4.
"NVIDIA GeForce Experience contains a vulnerability when GameStream is enabled in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges," NVIDIA explains.
While this exploit requires local access, Bleeping Computer says it can still be abused by way of malicious tools dropped remotely on systems running vulnerable versions of GeForce Experience. The bottom line is, if you are using GeForce Experience, you should update to the latest version.
How To Update GeForce Experience
If you are unsure which version of GeForce Experience you have installed, click on the gear icon next to your username. This brings up the Settings page. In the About section, it lists which version you are running. You need 3.20.2.xx to be protected from the latest security threat.
There are two ways you can update GeForce Experience. One is to exit the program completely (don't just click the "X" in the upper-right corner, go into the taskbar, right-click the GeForce Experience icon, and select Exit), and then reload it. GeForce Experience should automatically fetch the latest update.