Security Bulletin: CVE-2015-1170: Windows Privilege Impersonation Check

Updated 09/29/2021 10:17 AM

CVE-2015-1170: Windows Privilege Impersonation Check

Go to NVIDIA Product Security.


Vulnerability Description:

The NVIDIA Display Driver's kernel administrator check improperly validates local client impersonation levels in some cases.

Exploit Scope and Risk:

The attacker must already have local access on the machine.Under certain conditions, a local user on the system can use improper impersonation behaviors of NVIDIA driver API's to access resources that are intended for local administrator access only. Under these conditions, this behavior may lead to privilege escalation of the local user account, leading to a system compromise.

The CVSS Risk assessment is listed below.

NVIDIA's risk assessment is based on an average of risk across a diverse set of installed systems and may not represent the true risk of your local installation. We recommended consulting a local security or IT professional to evaluate the risk of your specific configuration. NVIDIA is not aware of any exploits involving these issues.

Vulnerable Configurations:

This vulnerability affects all GPUs with Windows XP, Windows Vista, Windows 7, and Windows Server 2008/2008 R2 systems using NVIDIA GPU Display Driver components, or derived packages which use NVIDIA GPU Display Driver components.

Vulnerability Discovery:

This bug was reported to NVIDIA by James Forshaw, Project Zero, Google.

Fix:

NVIDIA recommends updating to a patched driver for your specific platform need as detailed below.

GeForce Notebook, Quadro or NVS Notebook:

Driver downloads

GeForce Desktop:

Driver downloads

Quadro or NVS Workstation:

Driver downloads

GRID baremetal or GPU passthrough:

Driver downloads

GRID virtual GPU (vGPU):

Driver downloads

Windows 8 and Later:

Not affected

Windows XP:

Windows XP is considered vulnerable to this issue though Windows XP is EOL, no longer supported by Microsoft, and subject to numerous other exploits. If you have questions or concerns with specific Windows XP installations, please contact your NVIDIA support team for more information. NVIDIA will not be providing explicit patches for Windows XP systems at this time.

Mitigations:

As the exploit requires local access and a user/process running as administrator to allow impersonation, safe computing practices can mitigate your general risk.

As always, observe safe computing practices by:

· Only downloading or executing content and programs from trusted third parties.

· Run your system and programs with the least privilege necessary. Users should run without administrator rights whenever possible.

· When running as administrator, do not elevate UAC privileges for activities or programs that don't need them.

Is this answer helpful?

Live Chat

Chat online with one of our support agents

CHAT NOW

ASK US A QUESTION

Contact Support for assistance

Ask a Question