Security Notice: Bypass Application Whitelisting Through NVIDIA node.js

Answer ID 4456   |    Updated 05/15/2017 10:43 AM

NVIDIA’s response to the bypassing of application whitelisting through NVIDIA node.js

Go to NVIDIA Product Security.

Security Notice Update April 27, 2017

This issue has been addressed. For details, see Security Bulletin: NVIDIA GeForce Experience contains a vulnerability in WebHelper.exe. (repackaged Node.js) CVE-2017-2650.

April 21, 2017

This notice is in response to the article Abusing NVIDIA's node.js to bypass application whitelisting, published by SEC Consult. The issue was disclosed on April, 20, 2017 as an SEC Consult blog post that details how to manipulate NVIDIA node.js to bypass application whitelisting.

NVIDIA is analyzing its products to determine the extent of the issue. Any updates in relation to this issue will be communicated on the NVIDIA Product Security page. Please continue to monitor the NVIDIA Product Security page for available fixes and additional information.

Revision History

Revision Date Description
2.0 April 27, 2017 Release of Security Bulletin CVE-2017-2650
1.0 April 21, 2017 Initial release
Was this answer helpful?
Your rating has been submitted, please tell us how we can make this answer more useful.