By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

The popular Steam game client for Windows has a zero-day privilege escalation vulnerability that can allow an attacker with limited permissions to run a program as an administrator. Privilege escalation vulnerabilities are bugs that enable a user with limited rights to launch an executable with elevated, or administrative privileges. As Steam has over 100 million registered users and millions of them playing at a time, this is a serious risk that could be abused by malware to perform a variety of unwanted activities. Two researchers publicly disclosed a zero-day vulnerability for the Steam client after Valve determined that the flaw was "Not Applicable." The company chose not to award a bug bounty or give an indication that they would fix it and told the researchers that they were not allowed to disclose it. In a report published yesterday, security researcher Felix was analyzing a Windows service associated with the Steam called "Steam Client Service" that launched its executable with SYSTEM privileges on Windows. The researcher also noticed that the service could be started and stopped by the "User" group, which is pretty much anyone logged on the computer. The registry key for this service, though, was not writable by the "User" group, so it could not be modified to launch a different executable and elevate its privileges to an administrator. The researcher then tried configuring a symlink from one of these subkeys to another key for which he did not have sufficient permissions and saw that it was possible to modify that key as well. Learn more by visiting OUR FORUM.

 

GTranslate