1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Valve's Steam hit by privilege escalation zero-day vuln

Discussion in 'Article Discussion' started by bit-tech, 8 Aug 2019.

  1. bit-tech

    bit-tech Supreme Overlord Lover of bit-tech Administrator

    Joined:
    12 Mar 2001
    Posts:
    3,676
    Likes Received:
    138
    Read more
     
  2. edzieba

    edzieba Virtual Realist

    Joined:
    14 Jan 2009
    Posts:
    3,909
    Likes Received:
    591
    Even worse: ANY program that can edit the registry can perform the privilege escalation attack, and ANY user on the system who has access to regedit can also perform an attack without downloading anything.
     
  3. adidan

    adidan Guesswork is still work

    Joined:
    25 Mar 2009
    Posts:
    18,433
    Likes Received:
    4,228
    People still reckon we just need the one games launcher? Best get their house in order.
     
  4. Anfield

    Anfield Multimodder

    Joined:
    15 Jan 2010
    Posts:
    7,003
    Likes Received:
    950
    One != The One
     
  5. monty-pup

    monty-pup Minimodder

    Joined:
    8 Apr 2018
    Posts:
    206
    Likes Received:
    45
    So the more clients I have on my PC, the more protected I am?!

    Wtf.
     
  6. adidan

    adidan Guesswork is still work

    Joined:
    25 Mar 2009
    Posts:
    18,433
    Likes Received:
    4,228
    Point - missed.
     
  7. Yaka

    Yaka Multimodder

    Joined:
    26 Jun 2005
    Posts:
    2,079
    Likes Received:
    265
    after all the **** EGS has been getting recently surprised they are not using this as a stick to fight back with
     
  8. grimerking

    grimerking Minimodder

    Joined:
    26 Apr 2009
    Posts:
    464
    Likes Received:
    8
    Can this exploit be exploited if Steam isn't running? Is having it installed enough to compromise your machine?
     
  9. edzieba

    edzieba Virtual Realist

    Joined:
    14 Jan 2009
    Posts:
    3,909
    Likes Received:
    591
    Yes.
    The vulnerability is in the Steam Client Service background service installed alongside Steam. The exploit is triggered on starting the service, and user privileges are all that are needed to start and stop the service at will.
     
  10. Anfield

    Anfield Multimodder

    Joined:
    15 Jan 2010
    Posts:
    7,003
    Likes Received:
    950
    And it has been patched (properly, not just beta).
     
Tags: Add Tags

Share This Page