Steam Zero-Day Vulnerability Affects Over 100 Million Users

LASER_oneXM

The popular Steam game client for Windows has a zero-day privilege escalation vulnerability that can allow an attacker with limited permissions to run a program as an administrator.

Privilege escalation vulnerabilities are bugs that enable a user with limited rights to launch an executable with elevated or administrative privileges. As Steam has over 100 million registered users and millions of them playing at a time, this is a serious risk that could be abused by malware to perform a variety of unwanted activities.
 

Local Host

Thank you for posting the article. Lively and interesting, ongoing discussion about it on Steam since yesterday. It's a concern despite efforts to downplay it. I'm not reinstalling the Steam app until it's properly sorted.

You'll have to keep Steam uninstalled for many years to come then, Steam is full of exploits...

Valve is extremely slow with updates and careless with their code, no one at Valve takes responsibility either, their company has no structure.
 

ForgottenSeer 58943

You'll have to keep Steam uninstalled for many years to come then, Steam is full of exploits...

Valve is extremely slow with updates and careless with their code, no one at Valve takes responsibility either, their company has no structure.

For Valve, security is the lowest priority on their JIRA cards for development. Absolute lowest. It doesn't impact their cash flow, so all of it has been moved to backlog.

Steam is trash, always has been, always will be. Installing it basically is allowing a plethora of off-the-shelf exploits to be used against your system. But like Local Host says, it's never going to be fixed, ever. So you don't really have much of a choice. Actually, you can possibly run Steam in protected mode with Hitman Pro Alert, that could help but might require tweaking.

No good answer here.
 

Gandalf_The_Grey

Will be fixed soon. Fix is now in beta:
 

plat

I was fairly confident this would be fixed, just not this soon. Great, the Client can be reinstated sooner rather than later. Steam has way too much to lose not to address this pronto.
 

ForgottenSeer 58943

Remarkable. There must be a ton of bad press hitting them from this.

Also, it could be - the competition and intrusion into their realm by the Epic Game Store and Exclusives is playing into it as a motivating catalyst.
 

silversurfer

 

plat

That's Valve, lackadaisical as usual. The thing is: Bethesda, Rockstar all them don't need Steam as much as the obverse, not like back in the day. That's major incentive to get going. Maybe they should invest something serious and rebuild the Client from the ground up. Public scrutiny and judgement aren't going away this time. Not reinstating the Client for the foreseeable future, it's just not happening.
 

ForgottenSeer 58943


As I stated earlier, security and refinements aren't on Steam's Agenda, and never have been. Their Jira Cards are all about changes that will make them more money with anything security related backlogged status/unassigned. People complain about Epic and others, but the reality is Steam is even more undeserving of our support (and money) as their entire business model is based on monetizing everything at all costs, as quickly as possible, to the highest degree that will serve Steam with everything else an afterthought.

Steam is a massive threat surface and always has been.

 

plat

Not so much patience for bad Client software, too many people watching and criticizing, too much bad press. So the pendulum swings back. Me, I'm not addicted so the Client can stay off of here indefinitely. But those with thousands of dollars' worth or more of games, wow. Probably most don't care too much about risks, but thankfully, enough do.

 

ForgottenSeer 58943

You can pull up what you spent on games. Although the numbers can be off if you did what I did, and got Humble Bundles and other deals. I know people with nearly 10K in cash spent on Steam games.

I haven't purchased anything on Steam in about a year, possibly more as I migrate away from it, and over to GOG and Epic. But overall my game spending has dramatically slid since Epic started giving away so many good free games.
 

silversurfer

 

plat

The Client (beta) has been updated yet again.


Source.
 
