1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Valve's Steam hit by privilege escalation zero-day vuln

Discussion in 'Article Discussion' started by bit-tech, 8 Aug 2019.

  1. bit-tech

    bit-tech Supreme Overlord Staff Administrator

    Joined:
    12 Mar 2001
    Posts:
    3,495
    Likes Received:
    120
    Read more
     
  2. edzieba

    edzieba Virtual Realist

    Joined:
    14 Jan 2009
    Posts:
    3,909
    Likes Received:
    591
    Even worse: ANY program that can edit the registry can perform the privilege escalation attack, and ANY user on the system who has access to regedit can also perform an attack without downloading anything.
     
  3. adidan

    adidan Guesswork is still work

    Joined:
    25 Mar 2009
    Posts:
    16,913
    Likes Received:
    3,236
    People still reckon we just need the one games launcher? Best get their house in order.
     
  4. Anfield

    Anfield Multimodder

    Joined:
    15 Jan 2010
    Posts:
    6,722
    Likes Received:
    854
    One != The One
     
  5. monty-pup

    monty-pup Minimodder

    Joined:
    8 Apr 2018
    Posts:
    147
    Likes Received:
    18
    So the more clients I have on my PC, the more protected I am?!

    Wtf.
     
  6. adidan

    adidan Guesswork is still work

    Joined:
    25 Mar 2009
    Posts:
    16,913
    Likes Received:
    3,236
    Point - missed.
     
  7. Yaka

    Yaka Modder

    Joined:
    26 Jun 2005
    Posts:
    1,889
    Likes Received:
    219
    after all the **** EGS has been getting recently surprised they are not using this as a stick to fight back with
     
  8. grimerking

    grimerking Minimodder

    Joined:
    26 Apr 2009
    Posts:
    460
    Likes Received:
    7
    Can this exploit be exploited if Steam isn't running? Is having it installed enough to compromise your machine?
     
  9. edzieba

    edzieba Virtual Realist

    Joined:
    14 Jan 2009
    Posts:
    3,909
    Likes Received:
    591
    Yes.
    The vulnerability is in the Steam Client Service background service installed alongside Steam. The exploit is triggered on starting the service, and user privileges are all that are needed to start and stop the service at will.
     
  10. Anfield

    Anfield Multimodder

    Joined:
    15 Jan 2010
    Posts:
    6,722
    Likes Received:
    854
    And it has been patched (properly, not just beta).
     
Tags: Add Tags

Share This Page