Researcher Finds Steam 0Day Exploit, Valve Ignores It, Exploit Becomes Public https://news.softpedia.com/news/res...gnores-it-exploit-becomes-public-527012.shtml
Valve fixes zero-day exploit for Steam in latest beta https://www.neowin.net/news/valve-fixes-zero-day-exploit-for-steam-in-latest-beta
I know you hate Steam and this vulnerability was an issue, but I think Steam is awesome. Once you install the Steam client on a computer, you have access to your entire library of games you have purchased through Steam. You can just click on a game you want to play and then click on Install and it will download and install it for you. It's really handy having access to multiple games from one place and not having to visit websites to download the installers.
Steam Security Vulnerabilities Fixed, Researchers Don't Agree August 12, 2019 https://www.bleepingcomputer.com/ne...vulnerabilities-fixed-researchers-dont-agree/
Steam Security Saga Continues with Vulnerability Fix Bypass August 16, 2019 https://www.bleepingcomputer.com/ne...saga-continues-with-vulnerability-fix-bypass/
It also has got advantages of course. But I just don't like it in general, I think it's riduculous that it loads in the background, even if the game is installed from DVD.
Steam Accounts Being Stolen Through Elaborate Free Game Scam https://www.bleepingcomputer.com/ne...eing-stolen-through-elaborate-free-game-scam/
would it help to sandbox some parts of steam? or something similar? just wondering about it and trying to think of a workaround etc... cheers
Researcher publishes second Steam zero day after getting banned on Valve's bug bounty program Valve gets heavily criticized for mishandling a crucial bug report August 21, 2019 https://www.zdnet.com/article/resea...-getting-banned-on-valves-bug-bounty-program/
Mine just got a beta update: [-]Steam Client Beta - August 21 The Steam Client Beta has been updated with the following change: General Fixes for local-privilege-escalation vulnerabilities.
Valve (but not HackerOne) makes amends after raising the ire of white hats https://arstechnica.com/information...-reporting-steam-vulnerability-was-a-mistake/
Steam Patches LPE Vulnerabilities in Beta Version Update August 22, 2019 https://www.bleepingcomputer.com/ne...s-lpe-vulnerabilities-in-beta-version-update/
I noticed the following in the EventViewer after restart: Warning: SteamService: Revalidate: C:\Program Files (x86)\Common Files\Steam\SteamService.dll.new Maybe they added some kind of internal check on every reboot?
A new update: Steam Client Beta - August 28 The Steam Client Beta has been updated with the following changes: General Fix Steam service vulnerability that allowed appending data to system-owned files Remove Steam service log message being written to Windows event log on service startup It seems the second change is the one I reported in my previous post.
A new beta update: Steam Client Beta - September 3 The Steam Client Beta has been updated with the following changes General Enable search for localized game names in the Steam library The text entry area in the chat window now expands if you are typing long messages Windows Fix privilege escalation vulnerability in Steam client service