
Nvidia Display Driver Service Attack Escalates Privileges On Windows Machines

timothy posted about 2 years ago | from the knowledge-counteracts dept.

Security 129

L3sPau1 writes "A zero-day exploit has been found in the Nvidia Display Driver Service on Windows machines. An attacker with local access can use the exploit to gain root privileges on a Windows machine. Windows domains with relaxed firewall rules or file sharing enabled can also pull off the exploit, which was posted to Pastebin by researcher Peter Winter-Smith."


129 comments


Easy solution (4, Insightful)

Synerg1y (2169962) | about 2 years ago | (#42406011)

Use Omega drivers, I stopped using Nvidia drivers about the time they started putting an Nvidia windows user on my systems for "gathering performance data".

Re:Easy solution (2, Insightful)

Anonymous Coward | about 2 years ago | (#42406137)

If they have "local access" they can pretty much do what they want anyway.

Re:Easy solution (5, Informative)

k_187 (61692) | about 2 years ago | (#42406145)

You mean the nVidia Omega drivers based on a version from 2007? Or the ones that the creator said a year ago he'd no longer be able to support?

Re:Easy solution (1)

Anonymous Coward | about 2 years ago | (#42406209)

If you think the omega drivers aren't from Nvidia I have a bridge to sell you.

Re:Easy solution (1)

Synerg1y (2169962) | about 2 years ago | (#42406609)

They're based on nvidia drivers, just like linux is based off of unix to a lesser extent, however what I appreciate the most about them is the installer isn't nearly as invasive, pretty sure it installs that extra user with just the drivers from the OEM, regardless of whether you choose to install the console or not. They used to serve a more important purpose and that's providing stable drivers the many times nvidia fell short.

Re:Easy solution (0)

Anonymous Coward | about 2 years ago | (#42406649)

Wrong.... They took the results of a bog standard nvidia install and repackaged it inside their own installer. The omega "drivers" could be distributed as a perl script that applies the same modifications to the registry and removal of certain nvidia files. He has no programming experience and no access to source code, so stability improvements would beggar belief. The actual driver is binary/checksum identical, and out-of-date. So not at all like unix vs linux. More like an offline install CD vs. a web installer for the exact same version of the exact same linux distribution, only someone added in some settings files suitable for their own PC...

Re:Easy solution (5, Informative)

Synerg1y (2169962) | about 2 years ago | (#42406787)

You're 100% correct about the source code, he never had access, however he did package the modded driver into its own installer and omega is considered a 3rd party driver. Don't underestimate the registry either, all the driver settings / a lot of the config are stored there. Some of these tweaks led to increased stability in the past. I'd have to agree they're out of date, but a lot of the cards it supports aren't getting new drivers / improvements from nvidia anytime soon either. I thought I'd just throw this out there for those looking for something else to try, especially with all the invasiveness of newer nvidia drivers.

Re:Easy solution (-1)

Anonymous Coward | about 2 years ago | (#42406933)

You strike me as the kinda computer "genius" who works in a PC repair shop, or maybe Best Buy. POWER USER!

Re:Easy solution (0)

Anonymous Coward | about 2 years ago | (#42407657)

And I suppose you write your own drivers? LOL

I'm too lazy to reg hack and discover what obfuscated settings and code do.

Therefore I used omega drivers on a laptop when nvidia had a few shitty bugs. It worked around them by disabling some unnoticeable features or compatibility settings and I played games just fine.

Without them, I would have been shit up a creek without a paddle. What the guy did is not rocket science or spectacular. But the best sysadmins all share their bats, bash scripts and tricks, or borrow others and hack them to suit their needs. Qmail was (is?) great in this regard.

Re:Easy solution (2)

LordLimecat (1103839) | about 2 years ago | (#42406705)

The guy who created them had neither the time nor the expertise to "develop" new drivers. He repackaged the bog-standard drivers and tweaked some settings, including opening up an already existing but hidden overclocking GUI.

If this guy was able to develop his own drivers from scratch, I have a feeling the Nouveau guys would be reaching out to him for information.

Re:Easy solution (1)

Desler (1608317) | about 2 years ago | (#42406769)

The drivers are tweaked versions of those officially released by ATI and nVidia, mainly using registry tweaks and offering an alternative installer. They are not custom drivers compiled from source code.

From here [wikipedia.org].

So your comparison between Unix and Linux is quite laughably wrong. The Omega drivers are just the official drivers packaged with registry tweaks and an alternate installer. Nothing more.

Re:Easy solution (-1)

Anonymous Coward | about 2 years ago | (#42406789)

Just use Nouveau, you little windoze bitches.

Re:Easy solution (0)

Anonymous Coward | about 2 years ago | (#42407399)

Or just disable the Nvidia service altogether. I've been doing that for years because it is an unnecessary service.

Re:Easy solution (0)

Anonymous Coward | about 2 years ago | (#42407747)

It has a way of starting itself back up every time drivers are updated.

Re:Easy solution (1)

masternerdguy (2468142) | about 2 years ago | (#42407613)

Are you kidding? All the guy did was disable registry entries that locked you from doing dumb crap like overclocking an integrated chipset. He also removed the stuff that makes sure that your device is actually supported by the driver, so the omega drivers are basically the spray and pray version of hardware support.

You call that "editing?" (4, Insightful)

CanHasDIY (1672858) | about 2 years ago | (#42406023)

Here, Timmy, let me do your job for you:

A zero-day exploit has been found in the Nvidia Display Driver Service on Windows machines. [threatpost.com] An attacker with local access can use the exploit to gain root privileges on a Windows machine. Windows domains with relaxed firewall rules or file sharing enabled can also pull off the exploit, which was posted to Pastebin [pastebin.com] by researcher Peter Winter-Smith.

Granted, I've seen worse, but c'mon, man, you're getting paid for this shit.

Pay attention.

Re:You call that "editing?" (2, Interesting)

girlinatrainingbra (2738457) | about 2 years ago | (#42406203)

re Granted, I've seen worse

Actually, this is even worse than you think. Take a look at the original submission in which I commented hours ago:
http://slashdot.org/firehose.pl?op=view&id=41570609 [slashdot.org]

Note that the original submission (not by me but by "wiredmonkey") has a longer explanation and two copies of a link to the securityweek article in it. The security week article has the link to the Nvidia customer help site with the repaired/fixed driver blob in it. Timothy is somehow getting someone to copy prior submissions and actively take out the useful stuff before posting it to the front page! J'accuse! (finger pointing accusatorily)

Re:You call that "editing?" (-1)

Anonymous Coward | about 2 years ago | (#42406271)

This site went to shit ever since the trolls were banished and flags were introduced. Somebody should get on 4chan and coordinate a mass-flagging of Slashdot posts. Readers, do your duty and flag posts at random for being "racist," "abusive," "spam," and other realistic-sounding complaints.

-- Ethanol-fueled

Re:You call that "editing?" (1)

h4rr4r (612664) | about 2 years ago | (#42406353)

When were the trolls banished?

Make a damn name and stop tagging AC posts.

Re:You call that "editing?" (-1)

Anonymous Coward | about 2 years ago | (#42406533)

I am a stupid poopyhead! Don't do what I say, it is stupid and poopyheaded.

-- Ethanol-fueled

Re:You call that "editing?" (-1)

Anonymous Coward | about 2 years ago | (#42406573)

Ever since the Negroes and liberals took over this site and America, it has gone to shit. Why do the socialists hate this country?

-- Ethanol-fueled

Re:You call that "editing?" (0)

Anonymous Coward | about 2 years ago | (#42406497)

I see no evidence of a patch for this exploit yet - the Security Week article seems to link to the patch for the Linux exploit announced months ago, not the Windows exploit announced on 12/25. Or am I missing something?

Re:You call that "editing?" (1)

Jeng (926980) | about 2 years ago | (#42406231)

That may actually prove to be a good tactic to get them to do better.

In the past most people just call them names, actually posting a corrected version of the submission shows the "editors" what they need to be doing.

Personally, bad grammar doesn't faze me, but for the grammar nazis out there this is better than just calling the editors names.

Re:You call that "editing?" (1)

CanHasDIY (1672858) | about 2 years ago | (#42406895)

As a grammar nazi (who, admittedly, commits apostrophe abuse on a regular basis), I tend to agree.

As a person who understands human nature fairly well, I completely agree - the old adage, 'you catch more flies with honey than with vinegar,' rings true in more ways than one. Insults only serve to cause the one being insulted to close up mentally, thus making it impossible to educate them to their mistakes after that point.

Anyone interested in the most effective ways to encourage certain behavior (without necessarily agitating the subject to the point of non-compliance) would do well to read the book Nudge: Improving Decisions About Health, Wealth, and Happiness [google.com] by Richard Thaler.

Good stuff.

Re:You call that "editing?" (0)

Anonymous Coward | about 2 years ago | (#42407001)

Unfortunately after they Nudge you they then start to push you and when push comes to shove.....

Re:You call that "editing?" (1)

l0ungeb0y (442022) | about 2 years ago | (#42406437)

On Slashdot the "Editing" job duties consist solely of hitting the "approve" button on selected story submissions.

Re:You call that "editing?" (0)

Anonymous Coward | about 2 years ago | (#42407951)

No it doesn't. I've had a submission accepted for the front page. The editor replaced the links I had (to Ars Technica) with some lame write up on a blog - apparently due to an advertising arrangement?? He also butchered the text from my correct wording to something, well, less correct.

Root privileges on Windows? (0)

Anonymous Coward | about 2 years ago | (#42406029)

Bad link?
Missing "to".

Oh, timothy...

root access (2, Informative)

Anonymous Coward | about 2 years ago | (#42406053)

isn't the term root reserved for linux machines, isn't it called admin for windows?

Re:root access (1)

Anonymous Coward | about 2 years ago | (#42406117)

Not really. "Root" has stronger connotations on windows.

Re:root access (1)

Anonymous Coward | about 2 years ago | (#42406157)

Not really, it is just a term used for the top level system access. Sometimes called admin or superuser, root is just the standard name used for unix. In windows now especially it is probably better to refer to root or system level access as even admin accounts "can" have certain restrictions applied to them.

Re:root access (1)

LordLimecat (1103839) | about 2 years ago | (#42406743)

A user with admin privileges can gain system level access.

Re:root access (1)

DragonTHC (208439) | about 2 years ago | (#42406167)

has to do with security rings. They mean ring 0.

Re:root access (4, Informative)

Bengie (1121981) | about 2 years ago | (#42406567)

Ring 0 has to do with Kernel level, not user permissions.

"root" is like being an all-powerful dictator, Ring 0 is like being god and controlling the fabric of the Universe itself.

Re:root access (4, Informative)

ais523 (1172701) | about 2 years ago | (#42406169)

Windows actually has two root-like permission levels, "administrator", and "SYSTEM" (which is higher and cannot be given to normal accounts). It might be interesting to know which the attack allows escalation to (although I think an attacker could do anything they cared about with only administrator-level permissions, they'd just have to do it a little indirectly).

Re:root access (-1)

Anonymous Coward | about 2 years ago | (#42406717)

That's why I like Linux/UNIX: root is God, administrator is more like a TV minister.

Re:root access (2)

Bryansix (761547) | about 2 years ago | (#42407627)

So you like Linux because Windows does its permissions levels EXACTLY THE SAME WAY? I'm confused.

Re:root access (3, Informative)

LordLimecat (1103839) | about 2 years ago | (#42406757)

Once you get admin, you could trivially install a service with system-level access to elevate yourself further. This was easily done on XP, where you could set cmd.exe to run as an interactive service, which when started presented you with a System-level command prompt.

It can be done on Windows 7 as well, though I believe you can no longer just do it with cmd.exe.

Re:root access (1)

VGPowerlord (621254) | about 2 years ago | (#42406919)

On XP, root and SYSTEM are functionally identical. It wasn't until Vista introduced UAC that they became different (because Administrator is subject to UAC, but SYSTEM isn't).

Re:root access (2)

LordLimecat (1103839) | about 2 years ago | (#42407185)

That's not correct; there are certain times I ran into "access denied" attempting to kill some task (i.e., some virus scanner process) as admin, while the same operation succeeded once I elevated to SYSTEM and killed the process there.

Security aside there were other differences, such as local environment obviously.

Re:root access (3, Informative)

dissy (172727) | about 2 years ago | (#42407165)

Grab psexec.exe from sysinternals, and as local admin simply run: psexec -i -s cmd.exe
You now have a command prompt window running as system cwd'd to the system32 dir.

Most windows domains will have psexec lying around somewhere anyways, or at least on servers. Easiest way to mass push remote commands to the workstations as domain admin.

Re:root access (0)

Bryansix (761547) | about 2 years ago | (#42407641)

Easiest? No. Anything in a command line is not "easy". Is it fully functional? Yes. However I would rather choose a script from a drop down menu, select the comps from the left and drag to the right, choose a time, and hit "run". I can do this with N-Central. You just have to pay for that solution.

Re:root access (1)

theArtificial (613980) | about 2 years ago | (#42408015)

Anything in a command line is not "easy".

Nice absolute. Not all command lines are created equal, look at the abortion that is PowerShell but at least Windows has ls. Off the top of my head: how about copying files in a directory, let's say files/photos/resumes/songs/logs organized by first and last name delimited with a space, and you want all of the Bs. It's clumsy at best with the GUI. How about renaming all of them to replace the spaces with an underscore? It's not like anyone manages music collections... with specific regard to admin tasks, command line is a heck of a lot easier (admin level prompt, type command(s)) than navigating to the desired tool, loading it up, navigating the wizard/menus, selecting tasks (repeating).

You just have to pay for that solution.

The proposed solution doesn't sound easier in comparison. First you need to go to a website, then buy something, (possibly) download it, install/deploy it, (possibly) configure it, create/customize the scripts, test it and finally do it. How is that easier than typing something? It's an immense benefit to become familiar with tools one uses daily, especially when you're charging for your time. Good engineering revolves around efficiency, less moving parts means less potential to go wrong. In addition now your credentials are available in multiple places. Call me old fashioned but requiring people to know what they're doing without depending upon 3rd party software to do their job shouldn't be considered 'hard' but something that comes with the territory.

Barring physical disabilities, do you not use Google because typing things is hard?

Re:root access (1)

dissy (172727) | about 2 years ago | (#42408541)

However I would rather choose a script from a drop down menu, select the comps from the left and drag to the right, choose a time, and hit "run". I can do this with N-Central. You just have to pay for that solution.

I'll stick with my psexec, bat, and tcl scripts. I'd much rather just double click a single icon and have the script figure out what hosts need the action performed on and simply do it all for me.

But to each their own :}

#WindowsRage (-1)

Anonymous Coward | about 2 years ago | (#42406077)

Another exploit for this POS OS.

Re:#WindowsRage (1)

etash (1907284) | about 2 years ago | (#42406127)

are you aware of any OS that does not suffer from privilege escalation exploits? if so, be a dear and share it with the rest of us.

Re:#WindowsRage (3, Funny)

gman003 (1693318) | about 2 years ago | (#42406165)

MS-DOS.

You kind of need "privileges" in order to have privilege escalation.

Re:#WindowsRage (1)

etash (1907284) | about 2 years ago | (#42406193)

yay! i'm upgrading to ms-dos right now!

Re:#WindowsRage (1)

AndyKron (937105) | about 2 years ago | (#42406463)

Interestingly, I found my last surviving copy of DOS just the other day. I was planning on firing up the Tandy 1500 laptop to see if it still worked.

Plan 9. (0)

Anonymous Coward | about 2 years ago | (#42406793)

Plan 9 and most Micro Kernels. No root to escalate to \ from. Sometimes there's groups to worry about but non-*nix systems usually avoid stuff like sudoers or even plugdev and will use a lot more groups with far fewer privileges per group.

Re:#WindowsRage (1)

rbprbp (2731083) | about 2 years ago | (#42406605)

CP/M.

Re:#WindowsRage (0)

Anonymous Coward | about 2 years ago | (#42407453)

You mean from the Windows family? No, I can't name any. There's always some bullshit way to get privilege escalation on any Windows system just as there are always going to be apologists trying to explain that it's normal, that we should lower our expectations and that, supposedly, all OSes are created equal when it comes to security.

Is that your point? That all the OSes are created equal when it comes to security?

I've seen pretty hardened SELinux or grsec boxen for that matter and, despite following closely every single security out there, I've had servers that didn't get any patching for... Years!

Sure, there may be some exploit once in a while, but it's hardly the fiasco that Windows is.

Re:#WindowsRage (1)

smash (1351) | about 2 years ago | (#42408555)

Windows 3.1

Re:#WindowsRage (0)

Anonymous Coward | about 2 years ago | (#42406175)

I know reading 101 is a fail for most /. users, but for fuck's sake even the summary points out it is an NVidia exploit. Or do you somehow think Linux would be magically immune to a kernel level exploit in NVidia drivers?

Re:#WindowsRage (1)

Anonymous Coward | about 2 years ago | (#42406337)

Linux Nvidia drivers don't open an SMB named pipe (which, for added bonus can be used for remote attacks from same domain), so this one exploit is pretty much Windows specific. And yeah, you just proved your point.

Re:#WindowsRage (1)

etash (1907284) | about 2 years ago | (#42406359)

so because nvidia software opens a pipe, it's windows fault. well done descartes!

Re:#WindowsRage (1)

Anonymous Coward | about 2 years ago | (#42406391)

Clearly a windows specific problem.

THIS COULD NEVER HAPPEN ON LINUX.... except that one time when it did.

http://www.zdnet.com/privilege-escalation-security-hole-found-in-nvidia-linux-driver-7000001986/

Re:#WindowsRage (1)

smash (1351) | about 2 years ago | (#42408557)

No, however the Linux Nvidia drivers run in kernel mode (video driver in Vista + runs in user space) and can thus do anything the kernel can do.

Re:#WindowsRage (1)

VGPowerlord (621254) | about 2 years ago | (#42406949)

I know reading 101 is a fail for most /. users, but for fuck's sake even the summary points out it is an NVidia exploit. Or do you somehow think Linux would be magically immune to a kernel level exploit in NVidia drivers?

Good job failing reading 101 yourself.

The summary points out that nVidia's Windows Service is exploitable rather than the display driver itself. Why would you think that would affect Linux?

Oh, and that's without even mentioning that Windows and Linux drivers aren't written in the same language (C++ for Windows, C for Linux) and don't use the same kernel API.

Re:#WindowsRage (0)

Anonymous Coward | about 2 years ago | (#42407091)

Oh the irony. He didn't say the exploit was in the driver, he said it was an Nvidia exploit and then pointed out a reasonably legitimate comparison for what NVidia has on Linux. If you are going to correct someone at least read what they fucking wrote.

Re:#WindowsRage (0)

Anonymous Coward | about 2 years ago | (#42406423)

a linux privesc exploit using the nvidia driver came out months ago.

Hurray for closed source (0)

Anonymous Coward | about 2 years ago | (#42406139)

Let's see how fast this one is either fixed or spun into "it's a feature, really, don't worry about it".

Closed source - it's like open source, but to only those that can read assembly.

oh nohz! (0)

Anonymous Coward | about 2 years ago | (#42406159)

let the bitcoin farming begin! lol.

Re:oh nohz! (0)

Anonymous Coward | about 2 years ago | (#42406263)

farming? I'd much rather pillage than farm.

Re:oh nohz! (0)

Anonymous Coward | about 2 years ago | (#42406711)

farming? I'd much rather pillage than farm.

Yeah, that's what the Vikings thought too. Didn't work out so well for them.

NVIDIA privilege escalation exploit (5, Informative)

girlinatrainingbra (2738457) | about 2 years ago | (#42406171)

The article says
enables an attacker to install a user on the target system, completely bypassing Microsoft's Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) protections

I'm wondering if such a pipe system is used (or such a service is enabled) on the NVIDIA binary driver blob for the Linux kernel. Could that be another possible attack vector, or is that not possible with this?

NVIDIA for unix/Linux had another vulnerability earlier this year, pointed out in the article and also at Nvidia's own customer web site http://nvidia.custhelp.com/app/answers/detail/a_id/3140 [custhelp.com], which showed that using VGA access to RAM allows indiscriminate access to RAM and possible escalation of user privileges with this memory access. Here's the comment from Dave Airlie at the email archive on seclists.org [seclists.org]:

It basically abuses the fact that the /dev/nvidia0 device accepts changes to the VGA window and moves the window around until it can read/write to somewhere useful in physical RAM, then it just does a priv escalation by writing directly to kernel memory.

Notice how with binary blobs how end-users are screwed and dependent upon the provider of the blob to fix things. Nvidia didn't do anything until after public disclosure of the bug, even though they were notified of the exploit more than three months earlier.

Re:NVIDIA privilege escalation exploit (0)

Anonymous Coward | about 2 years ago | (#42406827)

Notice how with C code how end-users are screwed and dependent upon the provider of the C code to fix things. Nvidia didn't do anything until after public disclosure of the bug, even though they were notified of the exploit more than three months earlier.

Protip: 99.999% of NVidia driver end-users either do not know C or are not willing to patch or use a one-off modified OS driver, or had privileges to install said driver in the first place and simply have no reason to care...

Re:NVIDIA privilege escalation exploit (1)

Trelane (16124) | about 2 years ago | (#42406961)

Protip: 99.999% of car drivers either do not know how to change their oil or are not willing to learn how and simply have no reason to care. That's why we all take our cars to the original dealer.

idiot: misquoting closed "binary blob" as "C code" (1)

girlinatrainingbra (2738457) | about 2 years ago | (#42408571)

Dude, don't try to fuck with me by quoting me and then misquoting me to argue against me by changing closed source "binary blob" into "C code". I was pointing out the foolishness of accepting closed source binary blobs. Your fuck-headed response was to conflate "closed source code" with "C code", perhaps implying "hard to read or understand code"? Too bad you can't wrap your head around code, or figure out how to get an account on /. instead of living your life anonymously and with extreme cowardice. Other people who can read the code and understand it would appreciate open code as opposed to closed code. Blah, blah, nya-nya-nanny-boo-boo, so there! (Laugh a little, you moron; if you want to argue with me, deal with my arguments rather than making a bitchy straw man argument which you can set on fire. Nobody argued your useless point of view!)
;>p
;>)
!!!

Re:NVIDIA privilege escalation exploit (0)

Anonymous Coward | about 2 years ago | (#42408973)

girlinatrainingbra:

...[W]ith binary blobs ... end-users are screwed and dependent upon the provider of the blob to fix things.

True.

You:

...[W]ith C code ... end-users are screwed and dependent upon the provider of the C code to fix things.

False.

So what was your point, exactly? Or was there one, other than to try to look clever?

Even easier solution.... (0)

Anonymous Coward | about 2 years ago | (#42406199)

Store confidential data on a cloud server that does not use nvidia - now it's okay if your PC is hacked. If your computer gets used as a bot, sue nvidia and profit.

severs are starting to use GPS for CPU tasks (0)

Joe_Dragon (2206452) | about 2 years ago | (#42406269)

severs are starting to use GPS for CPU tasks

Re:severs are starting to use GPS for CPU tasks (2, Funny)

Anonymous Coward | about 2 years ago | (#42406381)

Apparently, GPS offers more than location and time services. Unfortunately, I think GPS satellites are too high up to be considered "in the cloud." Maybe it's time for a new catchy phrase for them? Cloud 2.0? Or, better yet, Void. "I do all of my computing in the Void" has a nice ring to it.

It never dawned on me until just now, but with all of the added computing required of the GPS satellites, no wonder Apple Maps is having so many problems!

Re:severs are starting to use GPS for CPU tasks (0)

Anonymous Coward | about 2 years ago | (#42406407)

They've hacked the GPS satellites? I didn't think they had that much computing power, and the latency would be terrible.

Re:Even easier solution.... (0)

Anonymous Coward | about 2 years ago | (#42406421)

BRO, don't ever, ever, ever get a job in infosec.

Stop talking (1)

Anonymous Coward | about 2 years ago | (#42406313)

If it were going to put people at risk I'd not have released exploit code and I'd have informed the vendor and kept quiet until a fix were issued.

Just when you were scoring high marks, you had to keep flapping your jaws. Vendors (especially NVidia) do not traditionally respond to polite suggestions regarding their buggy code -- you would have eventually been forced to go public, and the vulnerability would have gone that much longer unaddressed. People with insecure systems that would otherwise be none-the-wiser can now take steps to protect themselves until a patch can be developed. There is no reason to sit on this, even if it were easier to exploit, being that it's a non-essential, third-party service that is easily disabled by even a novice user... going public was and would be the most prudent course of action.

Disable nvsvc32 (5, Informative)

Anonymous Coward | about 2 years ago | (#42406375)

I believe there's no need to have the vulnerable nvsvc32.exe service running. It might break the NVIDIA control panel, but the driver should function properly with that service turned off. You could do that until a fixed version is available. The actual driver is named nvlddmkm.sys.

Mod him up, someone (2, Informative)

Anonymous Coward | about 2 years ago | (#42406491)

Was running with this service disabled for a long time and didn't notice any ill effects except for missing NV Control panel - switching it to Manual or Automatic makes it work again.

Services.msc management console calls it "NVidia Display Driver Service". Just try stopping it first, if you're doubting an AC's word, and check how everything runs for you, then switch it to Disabled.
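As an added example (not code from any commenter, nor from NVIDIA), here is a PowerShell script that carries out the mitigation the "Disable nvsvc32" comment and the comment above describe: it reports the service's state, startup type, account and binary path, and with -Disable stops it and sets the startup type to Disabled so it does not come back on reboot. It assumes the display name "NVIDIA Display Driver Service" as shown in services.msc and the nvsvc32.exe host binary named in the thread; the short service name is not given on the page, so the script matches on the display name.

```powershell
# Added example: audit and (optionally) disable the NVIDIA Display Driver Service.
# Assumptions (from the thread, not verified here): display name "NVIDIA Display Driver
# Service" in services.msc, host executable nvsvc32.exe. Run from an elevated prompt.
# Without -Disable the script only reports, which is the "try stopping it first" check.
param(
    [switch]$Disable
)

# Win32_Service exposes StartMode, the logon account and the binary path, which
# Get-Service alone does not. The -match is case-insensitive, so "NVidia" matches too.
$services = Get-CimInstance -ClassName Win32_Service |
            Where-Object { $_.DisplayName -match '^nvidia display driver service$' }

if (-not $services) {
    Write-Host "No NVIDIA Display Driver Service found on this host."
    return
}

foreach ($svc in $services) {
    # Report what we are about to touch.
    [pscustomobject]@{
        Name      = $svc.Name
        Display   = $svc.DisplayName
        State     = $svc.State
        StartMode = $svc.StartMode
        RunsAs    = $svc.StartName      # expected to be LocalSystem for this service
        Path      = $svc.PathName
    } | Format-List

    # Sanity check against the thread's claim that the host binary is nvsvc32.exe;
    # a different path means this is not the service the comments are talking about.
    if ($svc.PathName -notmatch 'nvsvc32\.exe') {
        Write-Warning "Binary path does not reference nvsvc32.exe; verify before disabling."
        continue
    }

    if ($Disable) {
        # Stop first (so you can confirm the display driver nvlddmkm.sys still works
        # with it off), then disable so it stays off across reboots.
        if ($svc.State -eq 'Running') {
            Stop-Service -Name $svc.Name -Force
        }
        Set-Service -Name $svc.Name -StartupType Disabled

        # Re-read the service to confirm the change actually took effect.
        $after = Get-Service -Name $svc.Name
        Write-Host ("{0}: status {1}, startup type {2}" -f $svc.Name, $after.Status, $after.StartType)
    }
    else {
        Write-Host "Dry run: re-run with -Disable to stop the service and set it to Disabled."
    }
}
```

As another comment in the thread notes, a driver update can re-enable the service, so re-running the report after each NVIDIA driver install is the check that the setting survived.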

Re:Mod him up, someone (4, Informative)

Ash Vince (602485) | about 2 years ago | (#42406669)

Was running with this service disabled for a long time and didn't notice any ill effects except for missing NV Control panel - switching it to Manual or Automatic makes it work again.

Services.msc management console calls it "NVidia Display Driver Service". Just try stopping it first, if you're doubting an AC's word, and check how everything runs for you, then switch it to Disabled.

Just to second this from a real slashdot user :)

I disabled this as it was taking up valuable CPU time on my old gaming laptop. I never saw any ill effects at all. I am sure it must have some purpose but I never figured out what disabling it stopped me doing, and I ran my PC like that for years.

Re:Mod him up, someone (1)

Bearhouse (1034238) | about 2 years ago | (#42406797)

Indeed. Goes for any of these 'enhanced' shitware progs. Just install the basic drivers and in my experience (all windows from XP up, through all cards) everything works fine. Of course, they sometimes make it really hard to just install the drivers - I wonder why?

In NVidia's case for their driverset (1)

Anonymous Coward | about 2 years ago | (#42407051)

The NVidia Control Panel has some 'niceties' for folks that don't manually "tweak & tune" their games via the game itself's native configuration files.

(OH, there's MORE TO IT than just that, that's just an example I've used @ times myself from its contents).

For example (since I am a HUGE longtime fan of IDSoftware & a /. member Mr. John Carmack's work)?

DoomCfg.cfg (Doom III) + Quake4.cfg (Quake4) allow a LOT of "little tricks" for both performance or visual quality. You can seriously "adjust" ID's games there, any way you like.

HOWEVER/Per my subject-line above:

What the control panel does is SAVE that for you (since the NVidia driver can override game configuration data for the driver to process), across MANY games!

All so you don't have to do all the reading & study to do it manually, game by game.

* That's about it though... guess it really depends on the user!

APK

P.S.=> More just a "matter of convenience" for users that aren't "big" on tweaking I'd say (however, gaming was what led ME to tweaking tuning my OS, + games, as far back as DOS 5.0 here, so I could get more outta them/more "bang-for-the-buck")...

... apk

Re:Mod him up, someone (1)

Anachragnome (1008495) | about 2 years ago | (#42407087)

"Indeed"

Win7 64-bit here.

Since I switched over to Win7 from XP, I've gotten into the habit of letting Windows find the drivers for everything when setting up a new machine. Just plug all that shit in and see what happens--9 times out of ten Windows nails it and the device simply works. My wife has this elderly HP All-in-One Printer/scanner that comes with a massive package of software, all of which installs with the drivers if I use the provided install disk. I ended up with numerous services running that were almost never used.

Last night I set up a brand new computer for her and simply plugged the thing in, letting Win7 check the MS servers for drivers--even though the thing is elderly, MS found drivers for every aspect of the device (5 in total). It works perfectly and there is no crap on the machine now. Nothing but print-spooler running. This also saved me about 10 mins installation time, and that was only one device. The nice thing about this? If MS keeps up with drivers like this, old devices from Goodwill stores and the like can be used even if the driver disk is nowhere to be found--MS has in effect become a clearing house of drivers that work.

Even the driver for my video card that Win7 found was only one version older than the latest one available at the manufacturer's website (Perhaps MS stays clear of the newest ones until the bugs are worked out, after all, the only reason they provide the driver location service is to get people to stop blaming THEM when their hardware doesn't work--Vista was a learning experience for MS, apparently).

Re:Mod him up, someone (1)

Khyber (864651) | about 2 years ago | (#42407227)

"Even the driver for my video card that Win7 found was only one version older than the latest one available at the manufacturer's website (Perhaps MS stays clear of the newest ones until the bugs are worked out,"

No, the latest drivers hadn't passed WDDM certification.

Re:Mod him up, someone (0)

Anonymous Coward | about 2 years ago | (#42407007)

It's basically the service that passes the preferences you'd set in the nVidia control panel to the driver when you're using 3d apps. I presume that if it's disabled, the driver just defaults to performance settings, instead of the normal 'quality' settings.

Re:Mod him up, someone (1)

Lashat (1041424) | about 2 years ago | (#42407049)

I wish NVIDIA distributed a driver that could be installed via the .inf file using the Windows Control Panel.

Wouldn't this solve the problem?

Technically? (1)

Anonymous Coward | about 2 years ago | (#42407223)

You can do that, & "easy as apple pie" too, as follows:

E.G.-> Open NVidia drivers with WinRar & extract out the Display.Driver folder someplace on your harddrive.

(That folder has the libs/dlls & .sys files necessary (+ other 'peripheral files' too) & the .inf file, for doing exactly what you want!)

Then, just use devmgmt.msc to "update driver" for the video display device (Display Adapter) by clicking on it, & then right-clicking to "update driver" by pointing to the place you extracted that folder out to on your harddisk.

* And, "voila" - should work!

APK

P.S.=> Should be as simple as that, per your request... IF you try this? Let me know how it works out - should be fine technically, & it's easy to "get out of too" by simply uninstalling the driver IF necessary (system will default back to last driver or SVGA std.)...

... apk

"A real /. user"? Ok, question & information.. (-1)

Anonymous Coward | about 2 years ago | (#42407525)

"Just to second this from a real slashdot user :)" - by Ash Vince (602485) * on Thursday December 27, @04:50PM (#42406669)

Kindly explain that please - as I'd like to hear the definition of a "real /. user" here.

* If what you mean is what I *think* you do? That's rather discriminatory... lol - not that serious on that note, just stating it in defense of us "AC" posters is all (not all of us are 'trolls' you know!).

(However - Your comment's good, overall, SO don't get me wrong - in fact? I think you merit an upmod for your informative reply based on hands-on experience... )

APK

P.S.=> If it's because you're a "registered 'luser'"? Well... then, I can explain a WHOLE LOT OF DOWNSIDES to it (2-3 being very bad in a way)...

1 being that I have LITERALLY CAUGHT people using multiple "registered 'luser'" accounts here!

They use them for:

---

1.) Modding themselves up, gaming/cheating on the STUPID & BROKEN moderation system here

( & yes, I will state who below in fact, literally - and of course, for downmodding their opponents who "get the better of them" in technical debates also).

2.) Another is that you're TRACKABLE FOR TROLLING + those unjust downmods I noted above also!

---

( & don't *think* that doesn't go on here (trust me, I KNOW it does, it happens to me quite regularly))

Proof/Example? Ok:

TomHudson/Barbara, not Barbie - same person, & her accounts used the SAME EMAIL ADDRESS (which is what did her in, I pointed it out, she changed it... albeit, she left afterwards, thank the Lord - was a MASSIVE troll!).

Her "pal" webmistressrachel below? Check THIS out:

"Screw you, apk, and the horse you rode in on. If I ever see you post here again, I'll bomb you as AC from Tor, meaning I'll NEVER run out of posts because I can change endpoint..." - by webmistressrachel (903577) on Sunday July 03 2011, @02:03PM (#36647614)

FROM -> http://slashdot.org/comments.pl?sid=2292298&cid=36647614 [slashdot.org]

However - It's FAR MORE DIFFICULT FOR HER TO DO THAT TO ME POSTING AS AC, which is pretty much all I've ever done since 2005!

Why?

Well - I find NO GAINS in registering a username here (I had one years ago I only used once to ask Mr. John Carmack of IDSoftware, a question). I could care less about "karma points", or being able to upmod/downmod - IF I have something to say? I say it via a comment (as I did here recommending modding up the AC with his good comment in my other replies here).

THUS, posting as AC here?

It's tougher for my "private fanclub of trolls" to 'track me for trolling' (numerous, because their 'geek angst' drives it since I dusted them in TONS of technical debates here, lol).

Especially before /. implemented their "FIND" feature on the forums... (& I would even go as far to say I am part of the reason they did, lol, but... that's only 'speculation').

However - my posting style? It "marks me" since I post my initials in my subject-lines MOST times, or in my replies (if I am not in a big hurry or don't forget to)... ah, anyhow - awaiting your answer here!

... apk

Very Good... apk (0)

Anonymous Coward | about 2 years ago | (#42406941)

Spot on-Top Marks - mod him up to +5 INFORMATIVE people (if you have mod points that is, I don't)...

* I just tested it with Doom III, Quake IV, GLQuake/Tenebrae, & "alles ist goot"... you can dump running ALL Nvidia services in fact (the updater, the std. service for it, & 3dVision (unless a game requires it &/or you use it that is)).

Yes... it appears the "penguins" are 'reaching' & failing, in their usual "let's *try* shootdown Microsoft &/or Windows" with this one... & as usual, around here.

APK

P.S.=> Besides - afaik, this ISN'T a "remote exploit" (as in someone can't get your IP address & attempt to use it against you)... look @ the conditions required for it for Pete's sake!

I only cursorily read the summary & article + source, & it sounds like it's only good on a local network!

(IF you're not connected to one? Hell, no big deal @ all really, since you're on a 'stand-alone' system. If you keep your system fully currently patched + security-harden it?? Especially no biggie... nothing can take advantage of it (as in other malware that attempt to exploit this in the meantime prior to patching, & SOMETHING tells me, NVidia will have it fixed in a jiffy anyhow - they're not going to sit around for their BIGGEST MARKET ON PERSONAL COMPUTERS & let that be that way))...

... apk

Re:Disable nvsvc32 (1)

Quietust (205670) | about 2 years ago | (#42408093)

I just tried disabling nvsvc32, but I discovered that it doesn't exist on my system - the NVIDIA Display Driver Service is named "nvvsvc.exe" (and the Update Service Daemon is "daemonu.exe"), and while I did find an "nvsvc64.dll", I could not find a single file named "nvsvc32.exe" anywhere on my system.

Is this something that only exists in the 32-bit drivers (I'm running Win7 x64), or is it something that disappeared in the 310.70 drivers released last week?

DO WHAT I DID (step by step)... apk (0)

Anonymous Coward | about 2 years ago | (#42408265)

Run SERVICES.MSC - disable NVidia services there (or just set them MANUAL till you are SURE all your apps work - upon reboot especially)!

No reboot required for it to work here though!

SO, DO TEST like I did with your games or 3d display related apps -> http://it.slashdot.org/comments.pl?sid=3344029&cid=42406941 [slashdot.org]

* That should make it doable for you, easily via GUI no less...

APK

P.S.=> It'll work, it did for me @ least & yes, ON Win7 64-bit!

(Addendum - I've done it before long ago on 32-bit NT-based OS for ages too, before I bought into the 64-bit world so I could do 64-bit apps, & test them here too, ala -> http://start64.com/index.php?option=com_content&view=article&id=5851:apk-hosts-file-engine-64bit-version&catid=26:64bit-security-software&Itemid=74 [start64.com]

... apk
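A reversible way to do the same thing from PowerShell, which also covers the service-name confusion (nvsvc32 vs. nvvsvc, daemonu) raised in the earlier reply. This is an added example, not the poster's own steps; the path pattern and the backup file name are assumptions.

```powershell
# Added example, not from the thread: inventory the NVIDIA services installed
# on this machine by binary path (names differ between driver versions, e.g.
# nvsvc32 vs. nvvsvc), back up their start types, and set them to Manual so
# the change is reversible. Run from an elevated PowerShell prompt.
param(
    [string]$BackupPath = "$env:USERPROFILE\nvidia-services-backup.json",  # assumed location
    [switch]$Revert   # restore the start types recorded in the backup file
)

# Win32_Service reports 'Auto'/'Manual'/'Disabled'; Set-Service wants these names
$startTypeMap = @{ 'Auto' = 'Automatic'; 'Manual' = 'Manual'; 'Disabled' = 'Disabled' }

if ($Revert) {
    foreach ($s in (Get-Content $BackupPath -Raw | ConvertFrom-Json)) {
        Set-Service -Name $s.Name -StartupType $startTypeMap[$s.StartMode]
        Write-Host "Restored $($s.Name) -> $($s.StartMode)"
    }
    return
}

# Match on the executable path, not the service name, so renamed services are found
# (the pattern is an assumption; adjust it if your driver uses other binaries)
$nvServices = Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -match 'nvidia|nvvsvc|nvsvc|daemonu' }

if (-not $nvServices) { Write-Host 'No NVIDIA services found.'; return }

# Record current state before touching anything
$nvServices | Select-Object Name, DisplayName, PathName, StartMode, State |
    ConvertTo-Json | Set-Content $BackupPath
Write-Host "Backup written to $BackupPath"

foreach ($svc in $nvServices) {
    if ($svc.StartMode -in @('Boot', 'System')) { continue }   # kernel-level start, leave alone
    Set-Service -Name $svc.Name -StartupType Manual
    if ($svc.State -eq 'Running') {
        try { Stop-Service -Name $svc.Name -ErrorAction Stop }
        catch { Write-Warning "Could not stop $($svc.Name): $_" }
    }
    Write-Host "$($svc.Name) ($($svc.DisplayName)): $($svc.StartMode) -> Manual"
}
```

Run it once to back up and switch the services to Manual, test your games as the poster suggests, and run it again with -Revert if something needs the service back.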

You didn't think this was a bitcoin story... (-1, Offtopic)

slashmydots (2189826) | about 2 years ago | (#42406405)

...but you were wrong! lol. Good thing 99.99999% of bitcoin mining rigs run exclusively AMD graphics cards or that'd be the first target. If you want fast, easy, untraceable money theft, you target the miners and their pools. A lot of bitcoin miners are actually purposely running older versions of the Catalyst Control Center that run bitcoin calculations faster so imagine what a disaster it would be if it wasn't Nvidia's software that was exploited this time!

Local access....... (0)

Anonymous Coward | about 2 years ago | (#42406691)

OMG NOOOOOOOOOO!!!!!!!!

What? Local access isn't root on Windows? (0)

Kaz Kylheku (1484) | about 2 years ago | (#42406857)

:)

No issue here (2)

dtfinch (661405) | about 2 years ago | (#42406927)

Every update I redisable all the nvidia services, startup tasks, and shell extensions, breaking nothing of value.

I'm glad I have physical security. (1)

flayzernax (1060680) | about 2 years ago | (#42407259)

And also anal about what kinda bullshit services people force to run in the backgrounds.

I sure as hell hope governments keep sensitive information a little better than I do =) Wouldn't want the sekrets to the universe and UFOs and free energy to get out.

Pastebin - removed - Backups anyone ? (1)

burni2 (1643061) | about 2 years ago | (#42407427)

He removed the exploit. Has anybody made backups and is willing to share them? Because I have friends that will get into trouble when this is not fixed asap.

Re:Pastebin - removed - Backups anyone ? (1)

burni2 (1643061) | about 2 years ago | (#42407491)

Helped myself; it seems to be copied on pastebin, just search for it ;) on paste.bin

Re:Pastebin - removed - Backups anyone ? (0)

Anonymous Coward | about 2 years ago | (#42407829)

http://pastebin.com/AW9rtqYg

"An attacker with local access" (1)

Anonymous Coward | about 2 years ago | (#42408339)

Stopped reading there. If they've got local access they can do whatever the hell they want regardless, one more attack vector isn't going to make or break things.
