BleepingComputer reports Zero Day Vulnerability in Steam Client

Hoss

Just a heads up ...

https://www.bleepingcomputer.com/ne...vulnerability-affects-over-100-million-users/

The popular Steam game client for Windows has a zero-day privilege escalation vulnerability that can allow an attacker with limited permissions to run a program as an administrator.

Privilege escalation vulnerabilities are bugs that enable a user with limited rights to launch an executable with elevated, or administrative privileges. With Steam having over 100 million registered users and millions of them playing at a time, this is a serious risk that could be abused by malware to perform a variety of unwanted activities.

A lot of the technical details are over my head, but I'm not sure if I should worry.
 
Yeah, if they can really enter a command line with admin privileges, that could be an issue. Not sure why Valve would dismiss it so easily, unless there is something we don't know here.
 
If they already have limited privileges without you knowing, you’ve already got a problem. This Steam issue is more like the last safe door, after they’ve already broken into your house.
 
1. Not what limited privileges means. It means a guest account can use Steam to run commands as an administrator.
2. You should probably just actually read the article, starting with this paragraph. It's all you need to know, really:
Two researchers publicly disclosed a zero-day vulnerability for the Steam client after Valve determined that the flaw was "Not Applicable." When the vulnerability was submitted to Valve's bug bounty program on HackerOne, the company chose not to award a bug bounty or give an indication that they would fix it, and told the researchers that they were not allowed to disclose it.
Valve's bug bounty program was one of the reasons they could act so slack in the face of previous issues (there have been some serious vulnerabilities disclosed, fixed, and rewarded), but if they're just going to pretend it isn't applicable in certain situations (and from reading the article this does seem to be a bug of a category that they normally place a bounty for), this is worrying. It undermines faith in the existing program as well.
 
Yea, thanks. I know what it means.
 