Steam Zero-Day Vulnerability Affects Over 100 Million Users
- Thread starter LASER_oneXM
- Start date
F
ForgottenSeer 58943
Steam is buggy and filled with backdoors. So many in fact, it's made the powerpoints at the NSA about how fun it is to have Steam installed on work computers and systems they need to infiltrate.
Thank you for posting the article. Lively and interesting, ongoing discussion about it on Steam since yesterday. It's a concern despite efforts to downplay it. I'm not reinstalling the Steam app until it's properly sorted.
steamcommunity.com
Steam Windows Client Local Privilege Escalation 0day :: Steam Discussions
L
Local Host
You'll have to keep Steam uninstalled for many years to come then, Steam is full of exploits...Thank you for posting the article. Lively and interesting, ongoing discussion about it on Steam since yesterday. It's a concern despite efforts to downplay it. I'm not reinstalling the Steam app until it's properly sorted.
Steam Windows Client Local Privilege Escalation 0day :: Steam Discussions
Valve is extremely slow with updates and careless with their code, no one at Valve takes responsability either, their company has no structure.
F
ForgottenSeer 58943
For Valve, security is the lowest priority on their JIRA cards for development. Absolute lowest. It doesn't impact their cash flow, so all it has been moved to backlog.
Steam is trash, always has been, always will be. Installing it basically is allowing a plethora of off the shelf exploits to be used against your system. But like Local Host says, it's never going to be fixed, ever. So you don't really have much of a choice. Actually, you can possibly run steam in protected mode with Hitman Pro Alert, that could help but might require tweaking.
No good answer here.
Gandalf_The_Grey
Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Forum Veteran
Will be fixed soon. Fix is now in beta:
www.neowin.net
steamcommunity.com
Valve fixes zero-day exploit for Steam in latest beta
Valve has now begun fixing a zero-day exploit in Steam that could result in an escalation of privilege attack, after public criticism from the researcher who found it made headlines.
www.neowin.net
Steam Community :: Group :: Steam Client Beta
Welcome to the Steam Client Beta group. Opting in to the Steam Client Beta lets you see the latest features before they're released. You can find out how to opt in to a beta here: https://help.steampowered.com/faqs/view/276C-85A0-C531-AFA3 You can see the latest Client Beta updates on this...
I was fairly confident this would be fixed, just not this soon. Great, the Client can be reinstated sooner rather than later. Steam has way too much to lose not to address this. pronto
F
ForgottenSeer 58943
Remarkable. There must be a ton of bad press hitting them from this.
Also, it could be - the competition and intrusion into their realm by the Epic Game Store and Exclusives is playing into it as a motivating catalyst.
Also, it could be - the competition and intrusion into their realm by the Epic Game Store and Exclusives is playing into it as a motivating catalyst.
So you just need enough public outcry and start fixing things
The news showed up even on 2 german (not security related) newsticker I read.
- Aug 17, 2014
- 12,726
- 123,827
- 8,399
Steam Security Saga Continues with Vulnerability Fix Bypass
A bypass for a recent Steam vulnerability that could allow malware or a local attacker to gain admin privileges has been disclosed on Twitter. This new method allows an attacker to bypass the fix created by Steam and exploit the vulnerability again.
It took them 9 days to patch this (not counting the Steam Beta patch after 2 days) and the day after its release, the patch can be bypassed... Great job.
That's Valve, lackadaisical as usual. The thing is:Bethesda, Rockstar all them don't need Steam as much as the obverse, not like back in the day. That's major incentive to get going. Maybe they should invest something serious and rebuild the Client from the ground-up. Public scrutiny and judgement aren't going away this time. Not reinstating the Client for the foreseeable future, it's just not happening.
- Aug 17, 2014
- 12,726
- 123,827
- 8,399
Second Steam Zero-Day Impacts Over 96 Million Windows Users
A second Steam Windows client zero-day privilege escalation vulnerability affecting over 96 million users has been publicly disclosed today by Russian researcher Vasily Kravets.
F
ForgottenSeer 58943
Second Steam Zero-Day Impacts Over 96 Million Windows Users
A second Steam Windows client zero-day privilege escalation vulnerability affecting over 96 million users has been publicly disclosed today by Russian researcher Vasily Kravets.www.bleepingcomputer.com
As I stated earlier, security and refinements aren't on Steam's Agenda, and never have been. Their Jira Cards are all about changes that will make them more money with anything security related backlogged status/unassigned. People complain about Epic and others, but the reality is Steam is even more undeserving of our support (and money) as their entire business model is based on monetizing everything at all costs, as quickly as possible, to the highest degree that will serve Steam with everything else an afterthought.
Steam is a massive threat surface and always has been.
Not so much patience for bad Client software, too many people watching and criticizing, too much bad press. So the pendulum swings back. Me, I'm not addicted so the Client can stay off of here indefinitely. But those with thousands of dollars' worth or more of games, wow. Probably most don't care too much about risks, but thankfully, enough do.
www.wilderssecurity.com
Steam Zero-Day Vulnerability Affects Over 100 Million Users
https://www.bleepingcomputer.com/news/security/steam-zero-day-vulnerability-affects-over-100-million-users/ The popular Steam game client for Windows...
www.wilderssecurity.com
F
ForgottenSeer 58943
You can pull up what you spent on games. Although the numbers can be off if you did what I did, and got Humble Bundles and other deals. I know people with nearly 10K in cash spent on Steam games.
I haven't purchased anything on Steam in about a year, possibly more as I migrate away from it, and over to GOG and Epic. But overall my game spending has dramatically slid since Epic started giving away so many good free games.
I haven't purchased anything on Steam in about a year, possibly more as I migrate away from it, and over to GOG and Epic. But overall my game spending has dramatically slid since Epic started giving away so many good free games.
- Aug 17, 2014
- 12,726
- 123,827
- 8,399
Steam Patches LPE Vulnerabilities in Beta Version Update
Almost 48 hours after security researcher Vasily Kravets (PsiDragon) released his proof of concept (PoC) for a second vulnerability in Steam client for Windows leading to privilege escalation, Valve released a beta update that allegedly fixes the bugs.
The Client (beta) has been updated yet again.
steamcommunity.com
Source.
Steam Community :: Group :: Steam Client Beta
Welcome to the Steam Client Beta group. Opting in to the Steam Client Beta lets you see the latest features before they're released. You can find out how to opt in to a beta here: https://help.steampowered.com/faqs/view/276C-85A0-C531-AFA3 You can see the latest Client Beta updates on this...
Source.
You may also like...
-
Cisco Unified Communications 0-day RCE Vulnerability Exploited in the Wild to Gain Root Access- Started by Divergent
- Replies: 1
-
Google addresses 107 Android vulnerabilities, including two zero-days- Started by Miravi
- Replies: 3
-
New Windows Zero-Day Exploited by Chinese APT: Security Firm- Started by Brownie2019
- Replies: 0
-
Spyware Maker NSO Ordered to Pay $167 Million Over WhatsApp Hack
- Started by Brownie2019
- Replies: 1
-
Microsoft patches actively exploited Office zero-day vulnerability- Started by Parkinsond
- Replies: 0