Windows: Most gamers love updating their graphics card’s drivers to score the best performance for their favorite titles. But even if you’re a “filthy casual,” you’re going to want to make sure your system’s Nvidia drivers are up to date. Nvidia recently found a few critical vulnerabilities in its display driver that need fixing, pronto.
As Nvidia noted in a Friday security bulletin, five different issues impact Windows users running GPUs from the company’s GeForce, Quadro, NVS, or Tesla lines. (For most people, that’s just GeForce—everything else is for professional workstations or commercial implementations.)
We’ve listed the specific vulnerabilities below. Even if you don’t understand all of the tech-speak, it’s worth knowing that Nvidia’s ranks them between a 5.2 and an 8.8 on its “how severe is this vulnerability” assessment scale—a scale that goes to 10. All of the vulnerabilities could allow an attacker to either execute code or a denial-of-service attack, and all are incredibly easy to patch with one simple update.
- CVE‑2019‑5683: “NVIDIA Windows GPU Display Driver contains a vulnerability in the user mode video driver trace logger component. When an attacker has access to the system and creates a hard link, the software does not check for hard link attacks. This behavior may lead to code execution, denial of service, or escalation of privileges.”
- CVE‑2019‑5684: “NVIDIA Windows GPU Display Driver contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access of an input texture array, which may lead to denial of service or code execution.”
- CVE‑2019‑5685: “NVIDIA Windows GPU Display Driver contains a vulnerability in DirectX drivers, in which a specially crafted shader can cause an out of bounds access to a shader local temporary array, which may lead to denial of service or code execution.”
- CVE‑2019‑5686: “NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software uses an API function or data structure in a way that relies on properties that are not always guaranteed to be valid, which may lead to denial of service.”
- CVE‑2019‑5687: “NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which an incorrect use of default permissions for an object exposes it to an unintended actor, which may lead to information disclosure or denial of service.”
How to update your system’s GeForce drivers
As mentioned, most people will only need to worry about upgrading their GeForce drivers for Nvidia’s consumer graphics cards. As long as you’re running the latest version of the drivers—431.60—you’re set.
To check, you can install Nvidia’s GeForce Experience app, which should list your driver version directly on the associated tab:
You can also pull up Windows’ Device Manager—click the Start menu button and start typing that in—and then click on Display Adapters, right-click on your graphics card, click Properties, and click on the Driver tab. The last five digits of the Driver Version should correspond to Nvidia’s numbering scheme for drivers, and you’re going to want to make sure that your drivers end with “4.3160.”
If you aren’t running version 431.60, you have a few options for updating your drivers. The first, and easiest, is to just download and install updates using GeForce Experience. It’s as easy as clicking a button, and having this app installed on your system will ensure you’re always going to get a prompt for updates whenever a new driver is available. (You can even download these updates automatically if you check an option in the application’s settings.)
Laptop users: Before you go the GeForce Experience route, you should first check to see if your laptop’s manufacturer has any customized version of Nvidia’s updates you should install instead. This is always an annoying trade-off; Nvidia will be quicker about releasing updated drivers, but there’s no guarantee that they’ll work perfectly with however your laptop’s manufacturer has configured your system. You can try installing Nvidia’s more generic drivers—especially if your laptop’s manufacturer hasn’t updated their versions for the last year or so—but I recommend backing up your system in case these drivers go haywire and you have to roll back.
Going forward, make sure you stay on top of this. Not only do updated drivers patch irritating little vulnerabilities like the ones we just talked about, but they’re also a great way to ensure you’re getting the best gaming experience for everything new that comes out. It’s a win-win, and requires almost no extra effort on your part.