Nvidia engineers have released an update fixing a vulnerability that in some cases allows remote attackers to access super-user computers running the company's graphics cards.
The weekend release of the GeForce 310.90 Driver came 11 days after security researcher Peter Winter-Smith released attack code that exploited the vulnerability. The proof-of-concept code allows attackers to create a super-user account on vulnerable systems that is added to a network's Administrator group, according to SecurityWeek. This allows the account to be accessed remotely.
The vulnerability is especially troublesome for networks operated by large corporations or governmental agencies that have machines using GeForce graphics cards. Attackers who gain low-privileged access to a network can use the vulnerability to gain unfettered access to connected computers. Untrusted users could also use it to escalate privileges available on machines they have access to. The attack reportedly worked on fully updated computers running Microsoft's Windows 7 operating system.