1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Valve's Steam hit by privilege escalation zero-day vuln

Discussion in 'Article Discussion' started by bit-tech, 8 Aug 2019.

  1. bit-tech

    bit-tech Supreme Overlord Lover of bit-tech Administrator

    Joined:
    12 Mar 2001
    Posts:
    3,676
    Likes Received:
    138
    Read more
     
    bit-tech, 8 Aug 2019
    #1
  2. edzieba

    edzieba Virtual Realist

    Joined:
    14 Jan 2009
    Posts:
    3,909
    Likes Received:
    591
    Even worse: ANY program that can edit the registry can perform the privilege escalation attack, and ANY user on the system who has access to regedit can also perform an attack without downloading anything.
     
    edzieba, 8 Aug 2019
    #2
  3. adidan

    adidan Guesswork is still work

    Joined:
    25 Mar 2009
    Posts:
    19,800
    Likes Received:
    5,591
    People still reckon we just need the one games launcher? Best get their house in order.
     
    adidan, 8 Aug 2019
    #3
  4. Anfield

    Anfield Multimodder

    Joined:
    15 Jan 2010
    Posts:
    7,062
    Likes Received:
    970
    One != The One
     
    Anfield, 8 Aug 2019
    #4
  5. monty-pup

    monty-pup Minimodder

    Joined:
    8 Apr 2018
    Posts:
    206
    Likes Received:
    45
    So the more clients I have on my PC, the more protected I am?!

    Wtf.
     
    monty-pup, 8 Aug 2019
    #5
  6. adidan

    adidan Guesswork is still work

    Joined:
    25 Mar 2009
    Posts:
    19,800
    Likes Received:
    5,591
    Point - missed.
     
    adidan, 8 Aug 2019
    #6
  7. Yaka

    Yaka Multimodder

    Joined:
    26 Jun 2005
    Posts:
    2,294
    Likes Received:
    390
    after all the **** EGS has been getting recently surprised they are not using this as a stick to fight back with
     
    Yaka, 9 Aug 2019
    #7
  8. grimerking

    grimerking Minimodder

    Joined:
    26 Apr 2009
    Posts:
    464
    Likes Received:
    8
    Can this exploit be exploited if Steam isn't running? Is having it installed enough to compromise your machine?
     
    grimerking, 9 Aug 2019
    #8
  9. edzieba

    edzieba Virtual Realist

    Joined:
    14 Jan 2009
    Posts:
    3,909
    Likes Received:
    591
    Yes.
    The vulnerability is in the Steam Client Service background service installed alongside Steam. The exploit is triggered on starting the service, and user privileges are all that are needed to start and stop the service at will.
     
    edzieba, 10 Aug 2019
    #9
  10. Anfield

    Anfield Multimodder

    Joined:
    15 Jan 2010
    Posts:
    7,062
    Likes Received:
    970
    And it has been patched (properly, not just beta).
     
    Anfield, 14 Aug 2019
    #10
Tags: Add Tags

Share This Page