Valve Fixes Zero-Day Flaw in Steam That Allows Privilege Escalation Attacks

  • Valve fixed a Steam privilege escalation zero-day that they first deemed as “non-applicable” and “out of scope”.
  • The hacker who reported the flaw to them thinks that the fix isn’t really effective, and can be bypassed.
  • Gamers are urged to think about the launchers they are using, and run games as unprivileged users.

Security researcher Vasily Kravets has sent an urgent notice to Valve on June 15, detailing a zero-day exploit that plagued the Steam Client Service. The problem with the vulnerability lies in the fact that it allows an attacker to execute a software program with the highest possible admin rights on any Windows 10 machine that has the Steam Client installed. The number of Steam accounts is about a billion, while the number of daily active users is just shy of a hundred million people, so we’re talking about a grave risk with an extensive attack surface.

All that said, Valve completely disregarded the researcher’s report, categorizing the bug as “not applicable” and refusing to pay Kravets any bounty for his finding. Valve initially refused to fix the zero-day, as they believed that the attacker would need to physically access the target machine. However, Kravets objected to this and asked for another HackerOne member to try the proof of concept and report it again to Valve. This second attempt was rejected again, so it looked like Valve wasn’t planning to fix the severe privilege escalation flaw that introduced a risk for so many individuals.

With 45 days having passed, Kravets made the flaw public for all the world to see last week, and Valve was somewhat forced to do something, so they rolled out an update for their Steam Client Services. Valve called the fix “addressing a privilege escalation exploit using symbolic links in the Windows registry”, so the service now checks for registry symlinks by iterating through subkeys under the Steam key, and confirms the key values of “SymbolicLinkValue” by querying them. While the researcher stated that Valve did the right thing, he still believes that the particular fix can be easily bypassed.

With the situation being under active development right now, more relevant fixes on the Steam Client Service are bound to come soon, and malicious actors will surely try to use the disclosed proof of concept to launch successful attacks. What gamers can do in order to stay protected is not to give admin rights to game executables, prevent the disabling of the Windows “User Account Control” (UAE), and avoid installing games that come from small, new, and unknown developers. As the researcher points out, Steam is intrinsically a security risk for your computer, allowing thousands of third-party programs to run on your system with high privileges.

Are you using the Steam client to launch games, or do you prefer another way? Share the details with us in the comments down below, or on our socials, on Facebook and Twitter.


Recent Articles

10 Best G-Sync Gaming Monitors in 2020

Here's a summary of the Best G-Sync Gaming Monitors in 2020 Best 4K G-Sync Monitor – Asus ROG Swift PG65UQ 65” Best 1440p G-Sync...

Critical SAP Vulnerability Could Lead to Corporate Network Takeover

SAP releases a critical patch, plugging severe remote server takeover hole that requires no authentication. The discoverer of the vulnerability is ready...

The New “Spox” Phishing Kit Makes Campaign Deployment Easier

A new phishing kit has appeared and is growing in popularity quickly, thanks to its user-friendly approach. The kit is called “Spox,”...

British e-Ticketing Service Breach Resulted in 4.8 Million Records Now for Sale

A new threat actor is selling 4.8 million email addresses and passwords on the dark web. The database includes various email addresses...

IPVanish Now Brings Unmetered VPN Connections – Lifting the Previous Limit of 10 Simultaneously Connected Devices!

IPVanish now supports as many devices as you have in your household, with no limitations related to the number of simultaneous connections. This...