This post is also available in: Deutsch (German)
Update recommended: Nvidia has patched three serious vulnerabilities in the GeForce driver. The breaches allow attackers to access personal data.
Critical security breaches in Nvidia GeForce drivers
A few days ago, Nvidia released a new driver for Windows computers that closes three critical vulnerabilities. Specifically, attackers can cause problems through the breaches in three ways. On the one hand, personal information can be tapped, but in the worst case hackers can even gain system level access and launch Denial of Service attacks. This works via the driver installer, which can anchor unsigned DLL files to the Windows system. For example, an attacker can use a DLL preloading attack to insert another malicious DLL file, which then allows access to the computer. Finally, a kernel handler contains the vulnerability that enables DoS attacks. The DeviceIoControl interface reads data from a buffer memory via index and pointer functions, which can lead to the mentioned attacks.
Update to version 430.64 strongly recommended
Nvidia has patched these three security flaws with the GameReady driver 430.64. We therefore strongly recommend that you update to this version in order to prevent hackers from being able to attack you. The version can be checked either via the Nvidia Control Panel or GeForce Experience. The download also works comfortably with the software. Otherwise the update can also be found here.