Windows users of Nvidia’s GeForce Now cloud-gaming service need to update their desktop software, as there’s a serious security flaw that could let malware take over the PC.
You’ve got to update the Windows GeForce Now client software to at least version 220.127.116.11, per an Nvidia security advisory. The Mac, Chrome OS, Android and Nvidia Shield GeForce Now clients are not affected.
“NVIDIA GeForce NOW application software on Windows contains a vulnerability in its open-source software dependency in which the OpenSSL library is vulnerable to binary planting attacks by a local user, which may lead to code execution or escalation of privileges,” states the advisory.
In plain English, according to Threatpost, this means that an attacker with access to the PC — perhaps a person, or perhaps a piece of malware that got installed by other means — would be able to plant a booby-trapped file that the GeForce Now program could load and run. That in turn could lead to further malware infection or attacker control of the machine.
You can update GeForce Now to version 18.104.22.168 by simply launching the application. The new version should automatically download itself, after which you need to follow the prompts to install it. If that doesn’t work, Nvidia has a help page recommending various measures to take.
GeForce Now is a freemium subscription service that lets gamers play games on Nvidia’s own servers, accessing the games remotely from client machines. It isn’t the same as the GeForce Experience software that’s used to manage Nvidia graphics-card settings and driver updates.
The games are bought from Steam or other digital distributors. You’ve got to pay $5 per month for game sessions lasting longer than an hour.