Security Notice: Bypass Application Whitelisting Through NVIDIA node.js

Updated 09/29/2021 01:06 PM

NVIDIA’s response to the bypassing of application whitelisting through NVIDIA node.js

Go to NVIDIA Product Security.

Security Notice Update April 27, 2017

This issue has been addressed. For details, see Security Bulletin: NVIDIA GeForce Experience contains a vulnerability in WebHelper.exe. (repackaged Node.js) CVE-2017-2650.

April 21, 2017

This notice is in response to the article Abusing NVIDIA's node.js to bypass application whitelisting, published by SEC Consult. The issue was disclosed on April, 20, 2017 as an SEC Consult blog post that details how to manipulate NVIDIA node.js to bypass application whitelisting.

NVIDIA is analyzing its products to determine the extent of the issue. Any updates in relation to this issue will be communicated on the NVIDIA Product Security page. Please continue to monitor the NVIDIA Product Security page for available fixes and additional information.

Revision History

Revision

Date

Description

2.0

April 27, 2017

Release of Security Bulletin CVE-2017-2650

1.0

April 21, 2017

Initial release

NVIDIA SUPPORT

Security Notice: Bypass Application Whitelisting Through NVIDIA node.js

NVIDIA’s response to the bypassing of application whitelisting through NVIDIA node.js

Go to NVIDIA Product Security.

Security Notice Update April 27, 2017

April 21, 2017

Revision History

Is this answer helpful?

Answers others found helpful

Live Chat

Chat online with one of our support agents

ASK US A QUESTION

Contact Support for assistance