News Valve's Steam hit by privilege escalation zero-day vuln

Discussion in 'Article Discussion' started by bit-tech, 8 Aug 2019.

  1. bit-tech

    bit-tech Supreme Overlord Lover of bit-tech Administrator

    Joined:
    12 Mar 2001
    Posts:
    3,676
    Likes Received:
    138
    Read more
     
    bit-tech, 8 Aug 2019
    #1
  2. edzieba

    edzieba Virtual Realist

    Joined:
    14 Jan 2009
    Posts:
    3,909
    Likes Received:
    591
    Even worse: ANY program that can edit the registry can perform the privilege escalation attack, and ANY user on the system who has access to regedit can also perform an attack without downloading anything.
     
    edzieba, 8 Aug 2019
    #2
  3. adidan

    adidan Guesswork is still work

    Joined:
    25 Mar 2009
    Posts:
    19,848
    Likes Received:
    5,622
    People still reckon we just need the one games launcher? Best get their house in order.
     
    adidan, 8 Aug 2019
    #3
  4. Anfield

    Anfield Multimodder

    Joined:
    15 Jan 2010
    Posts:
    7,063
    Likes Received:
    972
    One != The One
     
    Anfield, 8 Aug 2019
    #4
  5. monty-pup

    monty-pup Minimodder

    Joined:
    8 Apr 2018
    Posts:
    206
    Likes Received:
    45
    So the more clients I have on my PC, the more protected I am?!

    Wtf.
     
    monty-pup, 8 Aug 2019
    #5
  6. adidan

    adidan Guesswork is still work

    Joined:
    25 Mar 2009
    Posts:
    19,848
    Likes Received:
    5,622
    Point - missed.
     
    adidan, 8 Aug 2019
    #6
  7. Yaka

    Yaka Multimodder

    Joined:
    26 Jun 2005
    Posts:
    2,297
    Likes Received:
    393
    after all the **** EGS has been getting recently surprised they are not using this as a stick to fight back with
     
    Yaka, 9 Aug 2019
    #7
  8. grimerking

    grimerking Minimodder

    Joined:
    26 Apr 2009
    Posts:
    464
    Likes Received:
    8
    Can this exploit be exploited if Steam isn't running? Is having it installed enough to compromise your machine?
     
    grimerking, 9 Aug 2019
    #8
  9. edzieba

    edzieba Virtual Realist

    Joined:
    14 Jan 2009
    Posts:
    3,909
    Likes Received:
    591
    Yes.
    The vulnerability is in the Steam Client Service background service installed alongside Steam. The exploit is triggered on starting the service, and user privileges are all that are needed to start and stop the service at will.
     
    edzieba, 10 Aug 2019
    #9
  10. Anfield

    Anfield Multimodder

    Joined:
    15 Jan 2010
    Posts:
    7,063
    Likes Received:
    972
    And it has been patched (properly, not just beta).
     
    Anfield, 14 Aug 2019
    #10
Tags: Add Tags

Share This Page