• We've upgraded our forums. Please post any issues/requests in this thread.

Does NVIDIA Display Driver Service Make Your System Vulnerable?

btarunr

Editor & Senior Moderator
Staff member
Joined
Oct 9, 2007
Messages
34,334 (9.23/day)
Likes
17,427
Location
Hyderabad, India
System Name Long shelf-life potato
Processor Intel Core i7-4770K
Motherboard ASUS Z97-A
Cooling Xigmatek Aegir CPU Cooler
Memory 16GB Kingston HyperX Beast DDR3-1866
Video Card(s) 2x GeForce GTX 970 SLI
Storage ADATA SU800 512GB
Display(s) Samsung U28D590D 28-inch 4K
Case Cooler Master CM690 Window
Audio Device(s) Creative Sound Blaster Recon3D PCIe
Power Supply Corsair HX850W
Mouse Razer Abyssus 2014
Keyboard Microsoft Sidewinder X4
Software Windows 10 Pro Creators Update
#1
An [ethical?] hacker going by the Twitter handle @peterwintrsmith discovered a gaping security hole in NVIDIA's display driver service that allows ordinary local and remote users to gain administrator privileges in Windows. Mr. Winter-Smith posted a description and details of the exploit, in which he describes the NVIDIA Display Device server (NVVSVC) as listening on a pipe (a means by which different processes talk to each other) "\pipe\nsvr," which has an null/empty discretionary access control list (DACL, a security whitelist for users/groups), letting ordinary logged in local and remote users (firewall permitting, and the remote admin has a local account) to gain administrator rights to the system. In our opinion, the exploit is plausible, and could cut short winter breaks of a few in Santa Clara.



Show full news post
 
Last edited:
Joined
May 14, 2012
Messages
883 (0.43/day)
Likes
75
Processor AMD Ryzen 5 1600X
Motherboard AsRock X370 Taichi
Cooling Corsair H60 Liquid Cooling
Memory 16 GB CORSAIR Vengeance LPX 3000 Mhz (Running at 2933)
Video Card(s) Gigabyte G1 GTX 1070
Storage 240 GB Kingston SSD, 7 TB's of HDD
Display(s) Dell 16:10 20" Monitor
Case Phanteks Enthos Pro M
Audio Device(s) Integrated
Power Supply Corsair 750 P2
Mouse Mionix Naos 8200
Keyboard G Skill Ripjaws RGB Mechanical Keyboard
Software Windows 10 Pro
#2
So that means they need to fix it!
 

Aquinus

Resident Wat-man
Joined
Jan 28, 2012
Messages
10,401 (4.84/day)
Likes
5,481
Location
Concord, NH
System Name Kratos
Processor Intel Core i7 3930k @ 4.2Ghz
Motherboard ASUS P9X79 Deluxe
Cooling Zalman CPNS9900MAX 130mm
Memory G.Skill DDR3-2133, 16gb (4x4gb) @ 9-11-10-28-108-1T 1.65v
Video Card(s) MSI AMD Radeon R9 390 GAMING 8GB @ PCI-E 3.0
Storage 2x120Gb SATA3 Corsair Force GT Raid-0, 4x1Tb RAID-5, 1x500GB
Display(s) 1x LG 27UD69P (4k), 2x Dell S2340M (1080p)
Case Antec 1200
Audio Device(s) Onboard Realtek® ALC898 8-Channel High Definition Audio
Power Supply Seasonic 1000-watt 80 PLUS Platinum
Mouse Logitech G602
Keyboard Rosewill RK-9100
Software Ubuntu 17.10
Benchmark Scores Benchmarks aren't everything.
#3
So that means they need to fix it!
The question is how long has it been there and should nVidia have fixed it (and found it,) before now. I think this is just another example of how drivers are never perfect and is another reason why people shouldn't bash AMD or nVidia for drivers that they've dumped a lot of time and effort into.
 
Joined
Aug 17, 2009
Messages
1,577 (0.52/day)
Likes
461
Location
Los Angeles/Orange County CA
System Name Vulcan
Processor i6 6600K
Motherboard GIGABYTE Z170X UD3
Cooling Thermaltake Frio Silent 14
Memory 16GB Corsair Vengeance LPX 16GB (2 x 8GB)
Video Card(s) ASUS Strix GTX 970
Storage Mushkin Enhanced Reactor 1TB SSD
Display(s) QNIX 27 Inch 1440p
Case Fractal Design Define S
Audio Device(s) On Board
Power Supply Cooler Master V750
Software Win 10 64-bit
#4
Those darn buggy NVIDIA drivers! When are they going to fix them?


Just kidding. It's a joke. Get it?
 
Joined
Oct 8, 2012
Messages
1,364 (0.72/day)
Likes
411
Location
Israel
Processor Intel Core i5 3570K @ 4.5Ghz
Motherboard Gigabyte Z77X UD5H
Cooling Antec H20 920
Memory Corsair Dominator Platinum DDR3 4x4GB 2000mhz 9-11-10-24 CR-1
Video Card(s) EVGA GTX 970 SC
Storage Crucial M500 240Gb/Seagate Barracuda 2TB
Display(s) LG 29UM67 2560x1080 75hz IPS
Case Coolermaster 690
Audio Device(s) Creative X-FI Titanium + Sennheiser PC360
Power Supply Corsair TX850
Mouse Logitech G502 Proteus Spectrum
Keyboard Logitech G710+
Software Windows 7 Ultimate 64bit
#5
Does not sound legit.
 
Joined
Dec 9, 2007
Messages
746 (0.20/day)
Likes
88
#6
It might be plausible to exploit this, but come on:

...and the remote admin has a local account...
This alone tells me it would be extremely hard for a hacker to exploit this bug unless they've already infiltrated or otherwise compromised your network elsewhere. :ohwell:
 

newtekie1

Semi-Retired Folder
Joined
Nov 22, 2005
Messages
24,277 (5.51/day)
Likes
10,367
Location
Indiana, USA
Processor Intel Core i7 4790K@4.6GHz
Motherboard AsRock Z97 Extreme6
Cooling Corsair H100i
Memory 32GB Corsair DDR3-1866 9-10-9-27
Video Card(s) ASUS GTX960 STRIX @ 1500/1900
Storage 480GB Crucial MX200 + 2TB Seagate Solid State Hybrid Drive with 128GB OCZ Synapse SSD Cache
Display(s) QNIX QX2710 1440p@120Hz
Case Corsair 650D Black
Audio Device(s) Onboard is good enough for me
Power Supply Corsair HX850
Software Windows 10 Pro x64
#7
So let me get this straight. For someone to exploit this vulnerability the following must be true:

  1. The attacker mush know the username and password of an active local user account on the machine.
  2. The firewall has to allow traffic in through whatever port the service is listening on.

You'd have to have a pretty shitty security setup already for this vulnerability to really affect you.
 

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
17,057 (3.44/day)
Likes
17,961
Processor Core i7-4790K
Memory 16 GB
Video Card(s) GTX 1080
Display(s) 30" 2560x1600 + 19" 1280x1024
Software Windows 7
#8
1) Put it in a legitimate download that runs on the user's local machine (without admin privileges).
2) Get the current username via code (very easy)
3) Run the exploit, BAM admin
4) Do evil things(tm)
 
Joined
Jun 3, 2007
Messages
22,400 (5.82/day)
Likes
8,922
Location
'Merica. The Great SOUTH!
System Name The Mailbox 4.5
Processor Intel i7 2600k @ 4.2GHz
Motherboard Gigabyte Z77X-UP5 TH Intel LGA 1155
Cooling Scythe Katana 4
Memory G.SKILL Sniper Series 16GB DDR3 1866: 9-9-9-24
Video Card(s) MSI 1080 "Duke" with 8Gb of RAM. Boost Clock 1847 MHz
Storage 256Gb M4 SSD, 500Gb WD (7200) 128Gb Agelity 4 SSD
Display(s) LG 29" Class 21:9 UltraWide® IPS LED Monitor 2560 x 1080
Case Cooler Master 922 HAF
Audio Device(s) SupremeFX X-Fi with Bose Companion 2 speakers.
Power Supply SeaSonic X Series X650 Gold
Mouse SteelSeries Sensei (RAW) and a Wacom Intuos 4 tablet.
Keyboard Razer BlackWidow
Software Windows 10 Pro (64-bit)
Benchmark Scores Benching is for bitches.
#9
1) Put it in a legitimate download that runs on the user's local machine (without admin privileges).
2) Get the current username via code (very easy)
3) Run the exploit, BAM admin
4) Do evil things(tm)
Number one would be the hard part I assume. Someone would have to knowingly allow such an exploit to be installed which would eliminate 99.99999% of legitimate downloads from companies.

Torrents........that's a different story.
 

btarunr

Editor & Senior Moderator
Staff member
Joined
Oct 9, 2007
Messages
34,334 (9.23/day)
Likes
17,427
Location
Hyderabad, India
System Name Long shelf-life potato
Processor Intel Core i7-4770K
Motherboard ASUS Z97-A
Cooling Xigmatek Aegir CPU Cooler
Memory 16GB Kingston HyperX Beast DDR3-1866
Video Card(s) 2x GeForce GTX 970 SLI
Storage ADATA SU800 512GB
Display(s) Samsung U28D590D 28-inch 4K
Case Cooler Master CM690 Window
Audio Device(s) Creative Sound Blaster Recon3D PCIe
Power Supply Corsair HX850W
Mouse Razer Abyssus 2014
Keyboard Microsoft Sidewinder X4
Software Windows 10 Pro Creators Update
#10
Number one would be the hard part I assume.
Make something like bronypics.exe, post it on a few adult bbs' and get a million users of your app in a day.
 
Joined
Apr 18, 2012
Messages
361 (0.17/day)
Likes
83
Processor Intel Core i7 6700k
Motherboard AsRock Z170 Gaming-ITX/ac
Cooling Seidon 120V Plus
Memory 16GB (2x8GB) Corsair Vengeance
Storage Samsung 850 Evo
Power Supply Silverstone SX-500 L
#11
A few week(s) after AMD announces a patch, nvidia leak is found by an ethical hacker. Maybe this guy was the one who alerted AMD privately..

AMD FANBOI

Make something like bronypics.exe, post it on a few adult bbs' and get a million users of your app in a day.
:laugh:
 
Joined
Nov 18, 2010
Messages
3,831 (1.48/day)
Likes
2,220
Location
Rīga, Latvia
System Name HELLSTAR
Processor Intel 5820K @ 4.6GHz
Motherboard Gigabyte GA-X99-UD3
Cooling Custom Loop. 360+240 rads.
Memory 4x8GB Corsair Vengeance LPX 3200MHz 15-17-17-35
Video Card(s) ASUS 1080 Ti FE + water block
Storage Optane 32GB + Samsung 950Pro 256GB NVMe + 750 EVO 500GB
Display(s) Philips PHL BDM3270
Case Phanteks Enthoo Evolv ATX Tempered Glass
Audio Device(s) Sound Blaster ZxR
Power Supply Fractal Design Newton R3 1000W
Mouse Razer Basilisk
Keyboard Razer Deathstalker
Software Windows 10 insider
#12
The Red empire strikes back? Who said our cards stutter? At least our ones are not full of germs :laugh:
 

Krneki

New Member
Joined
Dec 19, 2011
Messages
23 (0.01/day)
Likes
0
#14
In 2012

In this day and age someone is still running a Windows system without a firewall/router?

In this case never mind the Nvidia/ATI shitty drivers, he is already a zombie (botnet).
 
Joined
Sep 15, 2011
Messages
978 (0.43/day)
Likes
215
Location
coast ,melbourne
System Name THE MEDIAMACHINE
Processor i5-3570k
Motherboard Asus gene v z-77 matx.
Cooling Antec h20 620
Memory 2x4gb g.skill ripjaws z 2400
Video Card(s) h.i.s radeon 7950 reference 3 gb- hooray!!!
Storage samsung 128gb~830 ssd. samsung 500gb hdrive.
Display(s) 22 inch tele.
Case circa 1996 grey rat box with no sides front.until my own is finished
Audio Device(s) inbuilt creative.supreme effects 3
Power Supply thermaltake tt-500w
Software win 7 x64-
Benchmark Scores Coming soon
#15
Doesn't sound like that much of a worry.
 

DanTheBanjoman

Señor Moderator
Joined
May 20, 2004
Messages
10,488 (2.12/day)
Likes
1,331
#16
1) Put it in a legitimate download that runs on the user's local machine (without admin privileges).
2) Get the current username via code (very easy)
3) Run the exploit, BAM admin
4) Do evil things(tm)
So basically... don't download gpu-z and other software form here until it's fixed.
 

Aquinus

Resident Wat-man
Joined
Jan 28, 2012
Messages
10,401 (4.84/day)
Likes
5,481
Location
Concord, NH
System Name Kratos
Processor Intel Core i7 3930k @ 4.2Ghz
Motherboard ASUS P9X79 Deluxe
Cooling Zalman CPNS9900MAX 130mm
Memory G.Skill DDR3-2133, 16gb (4x4gb) @ 9-11-10-28-108-1T 1.65v
Video Card(s) MSI AMD Radeon R9 390 GAMING 8GB @ PCI-E 3.0
Storage 2x120Gb SATA3 Corsair Force GT Raid-0, 4x1Tb RAID-5, 1x500GB
Display(s) 1x LG 27UD69P (4k), 2x Dell S2340M (1080p)
Case Antec 1200
Audio Device(s) Onboard Realtek® ALC898 8-Channel High Definition Audio
Power Supply Seasonic 1000-watt 80 PLUS Platinum
Mouse Logitech G602
Keyboard Rosewill RK-9100
Software Ubuntu 17.10
Benchmark Scores Benchmarks aren't everything.
#17
Joined
Mar 15, 2008
Messages
1,069 (0.30/day)
Likes
147
#18
Fear, uncertainty and doubt (FUD), is a tactic used in sales, marketing, public relations, politics and propaganda.

FUD is generally a strategic attempt to influence perception by disseminating negative and dubious or false information. An individual firm, for example, might use FUD to invite unfavorable opinions and speculation about a competitor's product; to increase the general estimation of switching costs among current customers; or to maintain leverage over a current business partner who could potentially become a rival.

The term originated to describe disinformation tactics in the computer hardware industry but has since been used more broadly.
 

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
17,057 (3.44/day)
Likes
17,961
Processor Core i7-4790K
Memory 16 GB
Video Card(s) GTX 1080
Display(s) 30" 2560x1600 + 19" 1280x1024
Software Windows 7
#19
There is no FUD in this. In half a day every half decent programmer can write some code that exploits the vulnerability. With probably no antivirus catching it.
 
Joined
Nov 18, 2010
Messages
3,831 (1.48/day)
Likes
2,220
Location
Rīga, Latvia
System Name HELLSTAR
Processor Intel 5820K @ 4.6GHz
Motherboard Gigabyte GA-X99-UD3
Cooling Custom Loop. 360+240 rads.
Memory 4x8GB Corsair Vengeance LPX 3200MHz 15-17-17-35
Video Card(s) ASUS 1080 Ti FE + water block
Storage Optane 32GB + Samsung 950Pro 256GB NVMe + 750 EVO 500GB
Display(s) Philips PHL BDM3270
Case Phanteks Enthoo Evolv ATX Tempered Glass
Audio Device(s) Sound Blaster ZxR
Power Supply Fractal Design Newton R3 1000W
Mouse Razer Basilisk
Keyboard Razer Deathstalker
Software Windows 10 insider
#20
There is no FUD in this. In half a day every half decent programmer can write some code that exploits the vulnerability. With probably no antivirus catching it.
The problem is always figuring out how to make a safe profit :D
 
Joined
Nov 4, 2005
Messages
9,947 (2.25/day)
Likes
2,309
System Name MoFo 2
Processor AMD PhenomII 1100T @ 4.2Ghz
Motherboard Asus Crosshair IV
Cooling Swiftec 655 pump, Apogee GT,, MCR360mm Rad, 1/2 loop.
Memory 8GB DDR3-2133 @ 1900 8.9.9.24 1T
Video Card(s) HD7970 1250/1750
Storage Agility 3 SSD 6TB RAID 0 on RAID Card
Display(s) 46" 1080P Toshiba LCD
Case Rosewill R6A34-BK modded (thanks to MKmods)
Audio Device(s) ATI HDMI
Power Supply 750W PC Power & Cooling modded (thanks to MKmods)
Software A lot.
Benchmark Scores Its fast. Enough.
#21
Number one would be the hard part I assume. Someone would have to knowingly allow such an exploit to be installed which would eliminate 99.99999% of legitimate downloads from companies.

Torrents........that's a different story.
Drive by downloads, or java exploit, need I say more.

Wait

And browser hijack redirects.


I'm growing a beard™, so I am safe.
 
Joined
Dec 22, 2011
Messages
2,080 (0.95/day)
Likes
1,157
System Name Zimmer Frame Rates
Processor Intel i7 920 @ Stock speeds baby
Motherboard EVGA X58 3X SLI
Cooling True 120
Memory Corsair Vengeance 12GB
Video Card(s) Palit GTX 980 Ti Super JetStream
Storage Of course
Display(s) Crossover 27Q 27" 2560x1440
Case Antec 1200
Audio Device(s) Don't be silly
Power Supply XFX 650W Core
Mouse Razer Deathadder Chroma
Keyboard Logitech UltraX
Software Windows 10
Benchmark Scores Epic
#22
The exploit mainly affects "domain-based machine" with "relaxed firewall rules" and file sharing enabled.

Oh noes!
 
Joined
Jun 20, 2007
Messages
3,833 (1.00/day)
Likes
594
System Name Medusa
Processor i7 2600k @4.8ghz
Motherboard Asus P8P67 Pro
Cooling CPU : Noctua NH-L12 GPU: EK FC 1080 via Magicool 360 III PRO > Photon 170 (D5)
Memory 8gb Corsair XMS DDR3 @1600mhz
Video Card(s) GTX 1080 FE
Storage Vertex 4 256 /Crucial C300 256/ Hitachi 2TB 2x
Display(s) Tempest X270OC @ 120hz / LG W3000h
Case Fractal Define S [Antec Skeleton hanging in hall of fame]
Audio Device(s) Asus Xonar Xense with AKG K612 cans on Monacor SA-100
Power Supply Seasonic X-850
Mouse Razer Naga 2014
Software Windows 10 Pro
Benchmark Scores FFXIV ARR Benchmark 1600p score 12,098[this means nothing any more!]
#23
In this day and age someone is still running a Windows system without a firewall/router?

In this case never mind the Nvidia/ATI shitty drivers, he is already a zombie (botnet).
Don't you have that the other way around? What normal home network uses Windows firewall or any soft-firewall for that matter?
And if a commercial network already has infiltration to the backdoor level *as is required for this to be an issue* then who cares, you're in trouble already.

Sounds like this guy is turning a molehill into a mountain just to get some press.

Drive by downloads, or java exploit, need I say more.

Wait

And browser hijack redirects.


I'm growing a beard™, so I am safe.

A) Hosts files
B) Don't visit shady websites/open shady email attachments
C) Take control/concern with your Active X and Java
D) All remote registry services disabled (until the time of requirement/access needed)

Statistically impossible for you to get a blown virus. About the worst you may encounter is a sneaky bit of malware that slipped in through browser controls and all it does is snoop or redirect you to paysites.
 
Last edited:
Joined
Dec 22, 2011
Messages
2,080 (0.95/day)
Likes
1,157
System Name Zimmer Frame Rates
Processor Intel i7 920 @ Stock speeds baby
Motherboard EVGA X58 3X SLI
Cooling True 120
Memory Corsair Vengeance 12GB
Video Card(s) Palit GTX 980 Ti Super JetStream
Storage Of course
Display(s) Crossover 27Q 27" 2560x1440
Case Antec 1200
Audio Device(s) Don't be silly
Power Supply XFX 650W Core
Mouse Razer Deathadder Chroma
Keyboard Logitech UltraX
Software Windows 10
Benchmark Scores Epic
#24