Valve's popular PC gaming platform Steam is vulnerable to a zero-day security vulnerability which could leave 72m Windows users at risk of having their systems taken over by an attacker who could then install malware, steal data, compromise passwords and more.
The vulnerability was disclosed by a security researcher named Vasily Kravets just 45 days after submitting his report on the matter to Valve. Typically researchers wait 90 days before publicly disclosing a vulnerability as it gives the affected businesses time to fix the vulnerabilities in their software.
Kravets discovered a privilege escalation vulnerability which could allow an attacker with minimal user permissions to gain the same levels of access as the system admin. A threat actor could take advantage of this by launching malware using those raised privileges. Kravets explained just how serious the vulnerability is, saying:
- Nvidia graphics cards found to be vulnerable to security flaw
- These are the best Steam alternatives for PC gamers
- Zero-day defenses are a good reason why you need the latest version of Windows 10
“Some of the threats will remain even being run without administrator rights. The high rights of malicious programs can significantly increase risks, programs could disable antivirus, use deep and dark places to hide and change almost any file of any user, even steal private data.”
Steam Client Service
The vulnerability itself affects the Steam Client Service which launches with full systems privileges on Windows. Kravets discovered a way to modify the system registry so that the Steam service could be used to execute another application but with the same elevated privileges.
Unfortunately proof of concept code has already been made available by security researcher Matt Nelson and this makes the vulnerability even more serious as potential attackers now know how to exploit it.
The vulnerability has not been fixed already because Kravets initially reported it using the HackerOne bug bounty system. His report was initially rejected by HackerOne for being out of scope because the attack required “the ability to drop files in arbitrary locations on the user's filesystem” according to The Register. After Kravets convinced HackerOne that the vulnerability was both valid and serious, his report was sent to Valve and rejected again a few weeks later.
Since the proof of concept code has already been published, it is likely that we'll see the vulnerability exploited in the wild soon.
To prevent falling victim to the attack, it is recommended that users follow standard security protocols including not using pirated software, not reusing passwords for multiple sites and services, employing two-factor authentication and applying the latest system updates and patches since an attacker would need access to a user's system to exploit the vulnerability in the first place.
- We've also highlighted the best antivirus software