An attacker would only be able to successfully exploit the vulnerability if they were on a machine in the same domain and firewall rules were severely relaxed, or file sharing were turned on. With local access, an attacker could elevate their privileges to root, or if the above conditions were met, could gain remote access from the same domain. I’ve (fortunately) not heard of any reports of this issue being exploited in the wild; I didn’t anticipate that I would, given the constraints on the attack vector.
Even though the vulnerability is not considered to be particularly critical, the Nvidia driver update does include a patch which fixes the security flaw. The new drivers also enhance game play for certain titles:
What does this mean for you?
In layman’s terms; the vulnerability, as reported by Mr. Winter-Smith, can only be exploited locally… from a hands on position, and not remotely. This means that for the individual home user it presents a very low level of risk.
As far as drivers are concerned, I’m a great believer in the common adage… ‘if it isn’t broken, it doesn’t need fixing’, and I’m certainly no game player. That said, I’ll probably update my Nvidia graphic card driver at some time with this new version.
If you’re concerned at all about the security aspect or if you’re a game player who’d appreciate the enhancements, you can download the latest driver from the manufacturer’s website here: http://www.geforce.com/drivers
As you can see from the above screenshot, the page includes a tool which will scan your hardware and identify the correct driver for you:
NVIDIA GPU Reader is a web-based applet that identifies your GPU and finds the latest graphics driver for your GPU. A small Java Applet is downloaded the first time you run the service. This Java Applet only looks at and verifies your system components when you instruct it to do so from the website. This system information is then used to determine the best driver for your GPU.
However, if you’re not entirely happy downloading the applet and/or allowing the scan, you can easily identify your Nvidia card model via Device Manager:
In Windows 7:
- Click on Start, then right click Computer and select Manage
- In the ‘Computer Management’ window, click on Device Manager (in the left hand panel)
- Look down the list for Display adapters and expand that entry
Armed with that information you can now use the manual system to access your new driver.