Steam Zero-Day Vulnerability Affects Over 100 Million Users

Discussion in 'other security issues & news' started by ZMsiXone, Aug 8, 2019.

  1. ZMsiXone

    ZMsiXone Registered Member

    Joined:
    Mar 30, 2017
    Posts:
    295
    Location:
    EUROPE/poland/germany
    https://www.bleepingcomputer.com/ne...vulnerability-affects-over-100-million-users/
     
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,601
    Location:
    Slovenia, EU
  3. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    5,352
    Location:
    USA
    This was a lazy mistake and not fixing it is another. They need to fix this sooner than later.
     
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,601
    Location:
    Slovenia, EU
    Valve fixes zero-day exploit for Steam in latest beta
    https://www.neowin.net/news/valve-fixes-zero-day-exploit-for-steam-in-latest-beta
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,302
    Location:
    The Netherlands
    Another reason to hate this Steam garbage. :thumbd:
     
  6. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    7,435
    I know you hate Steam and this vulnerability was an issue, but I think Steam is awesome. Once you install the Steam client on a computer, you have access to your entire library of games you have purchased through Steam. You can just click on a game you want to play and then click on Install and it will download and install it for you. It's really handy having access to multiple games from one place and not having to visit websites to download the installers.
     
  7. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    22,636
    Steam Security Vulnerabilities Fixed, Researchers Don't Agree
    August 12, 2019
    https://www.bleepingcomputer.com/ne...vulnerabilities-fixed-researchers-dont-agree/
     
  8. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    22,636
    Steam Security Saga Continues with Vulnerability Fix Bypass
    August 16, 2019
    https://www.bleepingcomputer.com/ne...saga-continues-with-vulnerability-fix-bypass/
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    12,302
    Location:
    The Netherlands
    It also has got advantages of course. But I just don't like it in general, I think it's ridiculous that it loads in the background, even if the game is installed from DVD.
     
  10. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,601
    Location:
    Slovenia, EU
    Steam Accounts Being Stolen Through Elaborate Free Game Scam
    https://www.bleepingcomputer.com/ne...eing-stolen-through-elaborate-free-game-scam/
     
  11. Be_Ta

    Be_Ta Registered Member

    Joined:
    Jan 15, 2019
    Posts:
    28
    Location:
    Earth
    would it help to sandbox some parts of steam? or something similar?

    just wondering about it and trying to think of a workaround etc...


    cheers
     
  12. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    22,636
    Researcher publishes second Steam zero day after getting banned on Valve's bug bounty program
    Valve gets heavily criticized for mishandling a crucial bug report
    August 21, 2019

    https://www.zdnet.com/article/resea...-getting-banned-on-valves-bug-bounty-program/
     
  13. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    181
    Location:
    Bulgaria
    Mine just got a beta update:

    Steam Client Beta - August 21

    The Steam Client Beta has been updated with the following change:

    General

    Fixes for local-privilege-escalation vulnerabilities.
     
    Last edited: Aug 22, 2019
  14. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    12,601
    Location:
    Slovenia, EU
    Valve (but not HackerOne) makes amends after raising the ire of white hats
    https://arstechnica.com/information...-reporting-steam-vulnerability-was-a-mistake/
     
  15. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    22,636
    Steam Patches LPE Vulnerabilities in Beta Version Update
    August 22, 2019
    https://www.bleepingcomputer.com/ne...s-lpe-vulnerabilities-in-beta-version-update/
     
  16. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    181
    Location:
    Bulgaria
    I noticed the following in the EventViewer after restart:

    Warning: SteamService: Revalidate: C:\Program Files (x86)\Common Files\Steam\SteamService.dll.new

    Maybe they added some kind of internal check on every reboot?
     
  17. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    181
    Location:
    Bulgaria
    A new update:

    Steam Client Beta - August 28

    The Steam Client Beta has been updated with the following changes:

    General
    Fix Steam service vulnerability that allowed appending data to system-owned files
    Remove Steam service log message being written to Windows event log on service startup

    It seems the second change is the one I reported in my previous post.
     
  18. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    181
    Location:
    Bulgaria
    A new beta update:

    Steam Client Beta - September 3

    The Steam Client Beta has been updated with the following changes

    General

    • Enable search for localized game names in the Steam library
    • The text entry area in the chat window now expands if you are typing long messages

    Windows
    • Fix privilege escalation vulnerability in Steam client service
     
    Last edited: Sep 4, 2019