Steam gamers warned of Windows 10 security risk
Privilege escalation vulnerability could allow attackers to install malware and steal data
Valve's popular PC gaming platform Steam is vulnerable to a hugely damaging zero-day security vulnerability, experts have warned.
According to new findings, around 72 million Windows users are at risk of having their systems taken over by an attacker who could then install malware, steal data, compromise passwords and more.
The vulnerability was disclosed by security researcher Vasily Kravets, who discovered a privilege escalation vulnerability which could allow an attacker with minimal user permissions to gain the same levels of access as the system admin.
- Nvidia graphics cards found to be vulnerable to security flaw
- These are the best Steam alternatives for PC gamers
- Zero-day defenses are a good reason why you need the latest version of Windows 10
A threat actor could take advantage of this by launching malware using those raised privileges, Kravets explained, saying:
"Some of the threats will remain even being run without administrator rights. The high rights of malicious programs can significantly increase risks, programs could disable antivirus, use deep and dark places to hide and change almost any file of any user, even steal private data."
Steam Client Service
The vulnerability itself affects the Steam Client Service which launches with full systems privileges on Windows. Kravets discovered a way to modify the system registry so that the Steam service could be used to execute another application but with the same elevated privileges.
Unfortunately proof of concept code has already been made available by security researcher Matt Nelson and this makes the vulnerability even more serious as potential attackers now know how to exploit it.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Kravets disclosed his findings just 45 days after submitting his report on the matter to Valve. Typically researchers wait 90 days before publicly disclosing a vulnerability as it gives the affected businesses time to fix the vulnerabilities in their software.
The vulnerability has not been fixed already because Kravets initially reported it using the HackerOne bug bounty system. His report was initially rejected by HackerOne for being out of scope because the attack required “the ability to drop files in arbitrary locations on the user's filesystem” according to The Register. After Kravets convinced HackerOne that the vulnerability was both valid and serious, his report was sent to Valve and rejected again a few weeks later.
Since the proof of concept code has already been published, it is likely that we'll see the vulnerability exploited in the wild soon.
To prevent falling victim to the attack, it is recommended that users follow standard security protocols including not using pirated software, not reusing passwords for multiple sites and services, employing two-factor authentication and applying the latest system updates and patches since an attacker would need access to a user's system to exploit the vulnerability in the first place.
- We've also highlighted the best antivirus software
Via Forbes
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.