Nvidia GeForce 310.90 driver update fixes security vulnerability - gHacks Tech News

Nvidia GeForce 310.90 driver update fixes security vulnerability

A security vulnerability has been discovered recently in the NVIDIA display driver nvvsvc.exe belonging to the NVIDIA Driver Helper Service which is installed during the GeForce graphics driver installation. Attackers may exploit the vulnerability to increase rights on the system to access sensitive data and systems. Access to a system account seems necessary to exploit the vulnerability, possible vectors include phishing attacks to gain access to low-level system accounts to run the exploit on.

It has been a serious risk for enterprises and organizations who use affected drivers on their systems. One option to mitigate the security vulnerability was to disable the service that started the nvvsvc.exe process on the system.

NVIDIA has released an update to its GeForce driver yesterday that resolves the security vulnerability in the driver and brings the version of the driver to 310.90. It is a WHQL - Windows Hardware Quality Labs - release which means it has been run through a series of tests and that Microsoft has reviewed the log files of the tests and created a digitally signed certification that is included in the driver installation package.

The GeForce 310.90 drivers are said to improve the performance for games and applications. Black Ops 2 and Assassin's Creed III players may notice performance boosts up to 26% or 18% and improved antialising effects.  Additional performance improvements for GeForce GTX 690 and 680 video cards are listed in the official release notes. The notes are posted on the same page the updated driver can be downloaded from.

It is highly recommended to select custom installation to avoid the installation of drivers and software that you do not make use of on your PC. Check out this overview of NVIDIA driver components to find out which drivers you need to install and which you may not need at all.

nvidia geforce 310.90

There you also find a solution to block the two processes nvvsvc.exe and nvxdsync.exe from running all the time on the system. You may have noticed that one of them is the process that has been vulnerable to the exploit.

It is highly recommended to install the NVIDIA GeForce driver update as quickly as possible on vulnerable systems to protect them from attacks and the exploit.





  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. Doon said on January 6, 2013 at 4:23 pm
      Reply

      Updated with no problems.

      Thanks Martin.

    2. ilev said on January 6, 2013 at 8:03 pm
      Reply

      There is a problem that you update drivers on OEM laptops other than those updated by the manufacturers. You have to wait long for those updates.

    3. ilev said on January 6, 2013 at 8:04 pm
      Reply

      …that you can’t update drivers…

    4. Rick said on January 7, 2013 at 12:08 am
      Reply

      Ahh but you can update … you just have to add your hardware ID to the inf file.

    5. ilev said on January 7, 2013 at 6:51 am
      Reply

      Rick

      The ID is there as the hardware is installed by the OEM. The problem that those updates are not approved by the OEM and you could lose your warranty/support.

    6. Tim said on January 7, 2013 at 6:37 pm
      Reply

      So what happens if you have a GeForce 7 Series graphics card, which isn’t on the list of supported products for 310.90? Are they just going to ignore the security vulnerability?

    7. Anthony said on January 7, 2013 at 8:43 pm
      Reply

      Try going through the main page and selecting your particular card. Mine is a GTX 260 which isn’t supported to the sub-flavor linked to here. By going through the selection process, I was able to find one that supports my card.

    8. mmg1818 said on January 7, 2013 at 9:54 pm
      Reply

      i update to 310.90 and restart pc and no login in windows 8.

      sistem restore to 306.97

    9. michel said on January 8, 2013 at 1:02 am
      Reply

      So if I follow the tip to stop the service, do I need to upgrade? Every time I update the video driver, I have a lot of system trouble. Every time. I’ll go with another video card maker next time.

    10. Tim said on January 9, 2013 at 6:45 pm
      Reply

      “Try going through the main page and selecting your particular card”

      No, it only lists 306.97 drivers. And looking at the release notes it says the following:

      “GeForce 6-series and GeForce 7-series GPUs have moved to legacy support with the GeForce Release 304 drivers. These products are no longer supported beginning with the GeForce Release 310 drivers.”

      So, as this is a security vulnerability, Nvidia should really issue a patch for the 306.97 driver, so that people who can’t install the 310.90 driver are not vulnerable to this security flaw in their software.

    11. Tim said on January 12, 2013 at 5:23 pm
      Reply

      For anyone who’s interested, here’s the latest from Nvidia on GeForce 6-series and GeForce 7-series GPUs:

      “We will be releasing an updated driver in the next week or two that is based on an earlier driver branch for Geforce 6/7 series customers, which will include the security fix. “

    Leave a Reply