On Saturday, Nvidia released an update to its GeForce drivers, bringing them up to version 310.90. Prior versions contain a security vulnerability in the NVIDIA Display Driver service (nvvsvc.exe). The vulnerability would allow an existing account to gain elevation to administrator access. The existing account requirement means the vulnerability is not the end of the world but vulnerabilities like this are hardly used in isolation any more and could allow other malware to string vulnerabilities together for complete takeover of a system. Targeted enterprise systems are most at risk from a vulnerability like this.
The vulnerability was identified and disclosed on Christmas by Peter Winter-Smith. It is recommended to update NVIDIA drivers to version 310.90 or greater. With a single line, Nvidia confirms the patch:
Adds a security update for the NVIDIA Display Driver service (nvvsvc.exe).
In addition performance improvements are added to various games across different cards.
You can find the GeForce 310.90 driver and release highlights here: http://www.geforce.com/drivers/results/55121/nvidiaupdate
