Discussion in 'Article Discussion' started by bit-tech, 8 Aug 2019.
Is this saying that games downloaded from Steam can bypass UAC at installation... to get remote access control of users' machines, if they are coded to do so?
Even worse: ANY program that can edit the registry can perform the privilege escalation attack, and ANY user on the system who has access to regedit can also perform an attack without downloading anything.
OK; this escalated to levels I normally steer clear of - Valve need to get their s**t together, yes...?
People still reckon we just need the one games launcher? Best get their house in order.
One != The One
So the more clients I have on my PC, the more protected I am?!
Point - missed.
after all the **** EGS has been getting recently surprised they are not using this as a stick to fight back with
Can this exploit be exploited if Steam isn't running? Is having it installed enough to compromise your machine?
The vulnerability is in the Steam Client Service background service installed alongside Steam. The exploit is triggered on starting the service, and user privileges are all that are needed to start and stop the service at will.
And it has been patched (properly, not just beta).
Separate names with a comma.