NVIDIA said that it would patch a driver exploit disclosed by a researcher on Christmas Day, which allows an attacker to gain super-user access to any desktop or laptop running the vulnerable software. Read More ..
Last week, SecurityWeek covered the disclosure from Peter Winter-Smith, a researcher from the U.K., who published details about an interesting exploit he discovered within the NVIDIA Display Driver Service.
“The service listens on a named pipe (\pipe\nsvr) which has a NULL DACL configured, which should mean that any logged on user or remote user in a domain context (Windows firewall/file sharing permitting) should be able to exploit this vulnerability,” he Winter-Smith wrote.
"The NVidia vulnerability identified by Peter Winter-Smith is a serious risk to any organization using these drivers on enterprise systems," HD Moore, CSO at Rapid7 and Chief Architect for Metasploit told SecurityWeek at the time. "The vulnerability allows a remote attacker with a valid domain account to gain super-user access to any desktop or laptop running the vulnerable service."