Security Notice: Bypass Application Whitelisting Through NVIDIA node.js

Updated 05/15/2017 10:43 AM

NVIDIA’s response to the bypassing of application whitelisting through NVIDIA node.js


Go to NVIDIA Product Security.

Security Notice Update April 27, 2017

This issue has been addressed. For details, see Security Bulletin: NVIDIA GeForce Experience contains a vulnerability in WebHelper.exe. (repackaged Node.js) CVE-2017-2650.

April 21, 2017

This notice is in response to the article Abusing NVIDIA's node.js to bypass application whitelisting, published by SEC Consult. The issue was disclosed on April, 20, 2017 as an SEC Consult blog post that details how to manipulate NVIDIA node.js to bypass application whitelisting.

NVIDIA is analyzing its products to determine the extent of the issue. Any updates in relation to this issue will be communicated on the NVIDIA Product Security page. Please continue to monitor the NVIDIA Product Security page for available fixes and additional information.

Revision History

Revision Date Description
2.0 April 27, 2017 Release of Security Bulletin CVE-2017-2650
1.0 April 21, 2017 Initial release

Is this answer helpful?

Live Chat

Chat online with one of our support agents

CHAT NOW

ASK US A QUESTION

Contact Support for assistance

Ask a Question