1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Valve's Steam hit by privilege escalation zero-day vuln

Discussion in 'Article Discussion' started by bit-tech, 8 Aug 2019.

  1. bit-tech

    bit-tech Supreme Overlord Staff Administrator

    Joined:
    12 Mar 2001
    Posts:
    2,410
    Likes Received:
    43
    Read more
     
  2. Jeff Hine

    Jeff Hine Nothing special

    Joined:
    8 May 2009
    Posts:
    1,312
    Likes Received:
    159
    Is this saying that games downloaded from Steam can bypass UAC at installation... to get remote access control of users' machines, if they are coded to do so?
     
  3. edzieba

    edzieba Virtual Realist

    Joined:
    14 Jan 2009
    Posts:
    3,289
    Likes Received:
    307
    Even worse: ANY program that can edit the registry can perform the privilege escalation attack, and ANY user on the system who has access to regedit can also perform an attack without downloading anything.
     
  4. Jeff Hine

    Jeff Hine Nothing special

    Joined:
    8 May 2009
    Posts:
    1,312
    Likes Received:
    159
    OK; this escalated to levels I normally steer clear of - Valve need to get their s**t together, yes...?
     
  5. adidan

    adidan Guesswork is still work

    Joined:
    25 Mar 2009
    Posts:
    14,183
    Likes Received:
    1,690
    People still reckon we just need the one games launcher? Best get their house in order.
     
  6. Anfield

    Anfield Well-Known Member

    Joined:
    15 Jan 2010
    Posts:
    5,177
    Likes Received:
    412
    One != The One
     
  7. monty-pup

    monty-pup Member

    Joined:
    8 Apr 2018
    Posts:
    40
    Likes Received:
    6
    So the more clients I have on my PC, the more protected I am?!

    Wtf.
     
  8. adidan

    adidan Guesswork is still work

    Joined:
    25 Mar 2009
    Posts:
    14,183
    Likes Received:
    1,690
    Point - missed.
     
  9. Yaka

    Yaka Well-Known Member

    Joined:
    26 Jun 2005
    Posts:
    1,498
    Likes Received:
    106
    after all the **** EGS has been getting recently surprised they are not using this as a stick to fight back with
     
  10. grimerking

    grimerking Member

    Joined:
    26 Apr 2009
    Posts:
    434
    Likes Received:
    1
    Can this exploit be exploited if Steam isn't running? Is having it installed enough to compromise your machine?
     
  11. edzieba

    edzieba Virtual Realist

    Joined:
    14 Jan 2009
    Posts:
    3,289
    Likes Received:
    307
    Yes.
    The vulnerability is in the Steam Client Service background service installed alongside Steam. The exploit is triggered on starting the service, and user privileges are all that are needed to start and stop the service at will.
     
  12. Anfield

    Anfield Well-Known Member

    Joined:
    15 Jan 2010
    Posts:
    5,177
    Likes Received:
    412
    And it has been patched (properly, not just beta).
     
Tags: Add Tags

Share This Page