The truth is that the software related to graphics cards news has rarely been a problem of this nature. However, it has been found that the control panel included with the driver of the Nvidia GPU is affected by a security problem that allows applications to run malware on a computer.
But you need a little more specific information, especially since the security problem is not in the driver itself but a function of the control panel for managing the configuration when you have multiple connected displays. All operating systems are affected by this vulnerability has already been listed as CVE-2015-7866. However, information is still quite limited and has only been known that the products concerned with those who belong to the product line GeForce and Quadro, so at first all other would be free.
There have been no published versions that are affected, but it has been known that since the manufacturer has released version 341.92, 354.35 and 358.87 of drivers for users to carry out the upgrade.
The Nvidia GPU also caused problems in Linux
Or rather, the software that allows its configuration. In this case recorded the CVE-2015-5053 vulnerability affecting the GeForce, Quadro, Tesla and Tegra lines, a ruling that abracaba much more than this time, although the nature was very similar to that hand.
This allowed third parties to perform DoS attacks against Team fully remotely, causing Internet does not work and that the team would show slow to perform some operations.
Now, the vulnerability affecting Windows computers could allow a third party realizase execution of malicious code in the operating system remotely and using the privileges of the control panel of the GPU, offering the possibility that the virus is installed correctly in the computer and it is not detected by security tools.
Fuente:https://www.redeszone.net/
Entusiasta de la seguridad cibernética. Especialista en seguridad de la información, actualmente trabajando como especialista en infraestructura de riesgos e investigador.
Experiencia en procesos de riesgo y control, soporte de auditoría de seguridad, diseño y soporte de COB (continuidad del negocio), gestión de grupos de trabajo y estándares de seguridad de la información.
Envía tips de noticias a info@noticiasseguridad.com o www.instagram.com/iicsorg/.
También puedes encontrarnos en Telegram www.t.me/noticiasciberseguridad