Hackin9

InfoSec News

Computerworld reporters and bloggers bring you full coverage of CES 2013.
 
SanDisk is kicking off the new year with two new solid-state disk drives (SSDs) that should bring performance boosts for PC users.
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
A new Blu-ray Disc promises to keep data fresh long after it might have decayed on other discs.
 
As the economy improves and at least some of the concerns about the so-called U.S. "fiscal cliff" are resolved, desire for new mobile, analytics and storage technology will drive IT spending this year, according to market researchers and economists.
 

Geoff writes in this morning asking for more exploration around the Nvidia vulnerability patch that was released yesterday. (http://www.securityweek.com/nvidia-releases-fix-dangerous-display-driver-exploit)

He writes: It's really quiet if it is truly a vulnerability patch. I don't see any reference to an exploit fix. Maybe you can dig deeper and confirm?

On December 25th, 2012, a security researcher released exploit code that leverages a buffer overflow vulnerability in versions prior to 310.90 of the GeForce Driver for a popular line of NVIDIA video cards. This is a privilege escalation exploit that allows someone with low-level access to gain administrative privileges on that system.

Since it requires access to the target system before it is effective, there isn't as much press about it as you might expect. However, in our current world where users can be expected to click on just about anything, gaining that access isn't as hard as some might expect or want.

It's been less than two weeks between the public release of the code and a patch, and there were a couple of holidays within those two weeks, so I'd give NVIDIA points for their response time. As for how serious I think it is? I'm downloading the patch as I write this up.

-KL