Geforce Experience security hole

[M76]

A security flaw was discovered by Rhino Security Labs in the Geforce Experience software by NVIDIA allowing arbitrary file writes. That can be exploited to run malicious batch files with privilege escalation.

"With an arbitrary file write, you can force an application to overwrite any file on the system as a privileged user. Often, this just means you can cause a denial of service by overwriting critical system files, but if you can control the data that is being written in some way, often you can do more with it.

This vulnerability allowed any system file to be overwritten due to insecure permissions set on log files which GFE writes data to as the SYSTEM user. Additionally, one log file contained data that could be user-controlled, allowing commands to be injected into it and then written to as a batch files leading to code execution on other users and potentially privilege escalation. I will also describe how this vulnerability could have been chained with a denial of service vulnerability to gain full privilege escalation."

NVIDIA has fixed the vulnerability in the latest march 26. release (v 3.18), so if you're using that you should be safe. Otherwise If you're a Geforce Experience user you should download the new version.

 

[bigddybn]

What's the real world threat here? It seems if someone already has enough access to the machine to exploit this then you were already screwed anyway?

 

[TheOne&OnlyZeke]

And that folks....is not the reason I don't install G.Exp
I don't because its shit and bloatware I don't need

 

[SvenBent]

who the hell installs geforce experience anyway
bloatware no thanks

 

[criccio]

who the hell installs geforce experience anyway
bloatware no thanks

Love it. The simple built in FPS counter, quick saving of clips/screenshots that I can share to Youtube/Google Photos with a click, option to setup a simple stream should I want to. No downsides here.

 

[SvenBent]

Love it. The simple built in FPS counter, quick saving of clips/screenshots that I can share to Youtube/Google Photos with a click, option to setup a simple stream should I want to. No downsides here.

No for real though if its working for you and you don't mind/experience the random performance issues here and there, then that is perfect its your computer.
I prefer my system as "clean" as possible.

 

[criccio]

View attachment 151407


No for real though if its working for you and you don't mind/experience the random performance issues here and there, then that is perfect its your computer.
I prefer my system as "clean" as possible.

Same, but not at the expense of extremely convenient features that I use daily. Additionally, if there was any performance issues I would stop using it immediately.

 

[Krazy925]

who the hell installs geforce experience anyway
bloatware no thanks

View attachment 151407


No for real though if its working for you and you don't mind/experience the random performance issues here and there, then that is perfect its your computer.
I prefer my system as "clean" as possible.

I actually did this week when I was trying to get my Vive Wireless working.

Now I just feel dirty and I could feel that picture the entire time. I was laughing at myself.

But the wireless works now

 

[grim4593]

Not that it is acceptable but software bug patching is just whack-a-mole. By the time a piece of software is "mature" it is usually slated for replacement.
I am in the same boat as criccio, I think GeForce Experience works great. It has a good interface for recording clips and in my experience is far less buggy than Replay Hud, Overwolf, etc. The built in FPS counter is also useful for non-steam games. I don't pair it to social media or any of that crap though.

 

[Zarathustra[H]]

Love it. The simple built in FPS counter, quick saving of clips/screenshots that I can share to Youtube/Google Photos with a click, option to setup a simple stream should I want to. No downsides here.

Personally I would prefer a world with no overlays at all. I don't even like the steam overlay. I don't have a need for screenshots or any streaming functionality. Gaming is not a social activity to me. I play my single player games alone, and don't feel the need to share anything at all with anyone else, or see what anyone else has shared.

The one benefit I see with the Geforce Experience is the recommended optimal settings based on your hardware. They are usually not perfect for me, but they can help me quickly find a starting point that I can continue to tweak from.

I haven't had it installed in a while though. All th eNvidia processes running in the background, which I don't know what they do (probably spying on me) bothered me so I just decided to remove it.

 

[sadsteve]

Love it. The simple built in FPS counter, quick saving of clips/screenshots that I can share to Youtube/Google Photos with a click, option to setup a simple stream should I want to. No downsides here.

Heh, not a single thing I do. Glad I never installed it.

 

[Zarathustra[H]]

The built in FPS counter is also useful for non-steam games. I don't pair it to social media or any of that crap though.

I usually just put a full screen Rivatuner chart window (courtesy of MSI Afterburner) on one of my secondary screens so I can always monitor framerate, GPU temp, VRAM use, CPU load, etc. over time while in game.

 

[grim4593]

I usually just put a full screen Rivatuner chart window (courtesy of MSI Afterburner) on one of my secondary screens so I can always monitor framerate, GPU temp, VRAM use, CPU load, etc. over time while in game.

Right now I have a monitor mount with an extended arm attached to an end table so I can recline in my couch and game, then I can move it out of the way when I am not using it. I need to get a small second monitor to use as an information/Discord screen but I want it to be small enough that I can still fold it up out of the way if I had a second set of arms.

 

[tangoseal]

How do people find this shit? Like team Flouroessence or whatever thier name was that hacked Tesla and got a free car plus 500 large in other hack prizes.

 

[Zarathustra[H]]

Right now I have a monitor mount with an extended arm attached to an end table so I can recline in my couch and game, then I can move it out of the way when I am not using it. I need to get a small second monitor to use as an information/Discord screen but I want it to be small enough that I can still fold it up out of the way if I had a second set of arms.

That's an interesting way for doing it, for sure.

For me I play games in one place and one place only, in my office, at a proper desk, in a proper desk chair on a proper desktop

I don't have games anywhere else, nor do I want to. None on my phone, none in my living room.

 

[Dana_Overwolf]

Not that it is acceptable but software bug patching is just whack-a-mole. By the time a piece of software is "mature" it is usually slated for replacement.
I am in the same boat as criccio, I think GeForce Experience works great. It has a good interface for recording clips and in my experience is far less buggy than Replay Hud, Overwolf, etc. The built in FPS counter is also useful for non-steam games. I don't pair it to social media or any of that crap though.

Hey there, sorry to hear you've encountered bugs while using Overwolf. We're always striving to provide the best experience possible, but bugs will be bugs...
Anyway, if there's anything our support team can help with, please contact us through this form

 

[Draxanoth]

View attachment 151407


No for real though if its working for you and you don't mind/experience the random performance issues here and there, then that is perfect its your computer.
I prefer my system as "clean" as possible.

Performance issues compared to what? As far as I can tell GFE just sits there in a smidgen of memory causing me no grief at all, and provide massive utility through Shadowplay. If you don't want to hassle yourself with an external method of video capture, or the cost, I don't see anything that can even remotely compete with it for capture performance. It also doesn't suffer from compatibility issues you see with some games, which manifest as frame speedup/slowdown on software capturers, even when they aren't lagging while you play.

 

[SvenBent]

Performance issues compared to what? As far as I can tell GFE just sits there in a smidgen of memory causing me no grief at all, and provide massive utility through Shadowplay. If you don't want to hassle yourself with an external method of video capture, or the cost, I don't see anything that can even remotely compete with it for capture performance. It also doesn't suffer from compatibility issues you see with some games, which manifest as frame speedup/slowdown on software capturers, even when they aren't lagging while you play.

google it. ( i dont recall the links on top of my head.) but GE have hd it shares of issues with performance

 

[Draxanoth]

google it. ( i dont recall the links on top of my head.) but GE have hd it shares of issues with performance

I'm not going to spend time hunting for your talking points.

Even if I factor in the hiccups I experienced with Shadowplay in it's early years of development, it still pales in comparison to the performance drops offered by the software based recording most consumers used prior. If you want to record or save some fun replays with the touch of a button, without major performance drops or hooking up extra streaming hardware, it's worth a little green icon idling on your task bar.

I've heard OBS can operate it directly though, so if you really hate Nvidia knowing what games you play there may be execution alternatives now.