The Register®

Original URL: http://www.theregister.co.uk/2013/01/08/nvidia_security_update/

Nvidia fixes hole that turns PCs into remote-control toys for hackers

More importantly, new driver boosts Call of Duty graphics

By John Leyden

Posted in Security, 8th January 2013 12:57 GMT

Nvidia has plugged a critical flaw in its graphics card software that allowed hackers to gain "super-user" access to vulnerable PCs over a network.

The Nvidia GeForce display driver update, version 310.90, also features a number of other bug fixes and performance upgrades.

"The vulnerability allows a remote attacker with a valid domain account to gain super-user access to any desktop or laptop running the vulnerable service," HD Moore, the developer of Metasploit and chief security officer at Rapid7, told [1] SecurityWeek.

"This flaw also allows an attacker (or rogue user) with a low-privileged account to gain super-access to their own system, but the real risk to enterprises is the remote vector," he added.

The critical privilege elevation flaw was discovered [2] by UK security researcher Peter Winter-Smith.

The driver update can be downloaded here [3]. The accompanying summary of the update mentions a "security update for the Nvidia Display Driver service (nvvsvc.exe)" in one sentence but concentrates on claimed performance improvements for gamers, particularly fans of Call of Duty: Black Ops 2 and Assassin's Creed III.

More details of the update can be found in a bumper 67-page release notes document on Nvidia's website (PDF [4]). ®