1. We have added a Gift Upgrades feature that allows you to gift an account upgrade to another member, just in time for the holiday season. You can see the gift option when going to the Account Upgrades screen, or on any user profile screen.
    Dismiss Notice

Bleeping Computer - "Second Steam Zero-Day Impacts Over 96 Million Windows Users"

Discussion in 'Computer Talk' started by Hoss, Aug 22, 2019.

  1. Hoss

    Hoss Chieftain

    Joined:
    Jan 7, 2005
    Messages:
    40
    Another one reported

    https://www.bleepingcomputer.com/ne...o-day-impacts-over-96-million-windows-users/1

    Second Steam Zero-Day Impacts Over 96 Million Windows Users

    "The privilege escalation (also known as an elevation of privilege or local privilege escalation) security flaw disclosed today by Kravets can allow attackers with limited rights to use a technique known as BaitAndSwitch to run executables using the Steam Client Service's NT AUTHORITY\SYSTEM elevated permissions.

    This would allow potential attackers to launch a three-stage attack, getting remote code execution privileges by exploiting a vulnerability in a Steam game, a Windows app, or the OS itself, subsequently elevating privileges on the compromised device and running a malicious payload using SYSTEM permissions."
     
  2. Karmah

    Karmah King Supporter

    Joined:
    Mar 3, 2011
    Messages:
    992
    and practically ,how do we avoid it ? by not clicking a link or it goes beyond that common sense ?
     
  3. Serutan

    Serutan Eatibus Anythingibus

    Joined:
    Feb 20, 2002
    Messages:
    5,513
    Location:
    Baja Arizona
    If you don't have the Steam client, you're good to go.

    If you do, and want to be safe you need to uninstall it ASAP and not re-install until Valve fixes the issue.

    Also the link in the OP got me a 'site down' message. Here's an alternative:

    https://www.zdnet.com/article/resea...-getting-banned-on-valves-bug-bounty-program/
     
    Karmah likes this.

Share This Page