Steam Client vulnerability found

[clicks stopwatch] Let's see how long it takes Valve to patch it now that it's in the spotlight.
 
News topics get posted in multiple places all the time. No need to get your knickers in a twist over it.

Who said I got my "knickers in a twist"? I am simply reporting a redundant post so it can be combined or fixed.
Criticisms or corrections do not need to be negatively fueled.

It is sad though that so many ppl think of corrections as an attack these days.
 
It was on the "top 10" list when it was posted. That's why I knew
I don’t use the top 10 list.

I use mengay/soapbox/news/FSFT.

This is important enough that cross posting isn’t a big deal.

Even el jefe agrees.

We’re all happy you knew but now a whole lot more do. Now go untwist those dirty knickers.
 
I don’t use the top 10 list.

I use mengay/soapbox/news/FSFT.

This is important enough that cross posting isn’t a big deal.

Even el jefe agrees.

We’re all happy you knew but now a whole lot more do. Now go untwist those dirty knickers.

You sure seem very aggravated for someone telling other people to untwist their knickers
Did you get offended that I tried to avoid the split topic debate?
 
You sure seem very aggravated for someone telling other people to untwist their knickers
Did you get offended that I tried to avoid the split topic debate?
Aggravated? I was just thanking the OP for posting it here and correcting you for trying to be snarky about it being buried in some sub forum people don’t surf to.

Maybe go back to the other sub forum if that’s where you want to have your discussion? Especially since you’ve added 0 to the discussion other than attempts to derail it.
 
So Valve hasn't even acknowledged it, and the ppl at HackerOne keep saying it is out of scope, just because he used a 3rd party utility to make reg adds easier? That shit is not hard to do all commandline...

ugh..
 
Aggravated? I was just thanking the OP for posting it here and correcting you for trying to be snarky about it being buried in some sub forum people don’t surf to.

Maybe go back to the other sub forum if that’s where you want to have your discussion? Especially since you’ve added 0 to the discussion other than attempts to derail it.

Why are you thanking op by responding to me? Seems like a far fetched "backpedaling"

I'm pretty sure "Now go untwist those dirty knickers." is not a thanking of the op.
 
So Valve hasn't even acknowledged it, and the ppl at HackerOne keep saying it is out of scope, just because he used a 3rd party utility to make reg adds easier? That shit is not hard to do all commandline...

ugh..

Correct
Seems like HackerOne was too quick to dismiss it from the article.
 
Wow I might be elevated to Admin in my own Admin account on my own PC.

The real problem here is 'remote' and how remote access can be left on at all. There should be a clear 'allow remote access' button defaulted to off and the majority of users' security risk like this goes to near zero.
 
Why are you thanking op by responding to me? Seems like a far fetched "backpedaling"

I'm pretty sure "Now go untwist those dirty knickers." is not a thanking of the op.
Because you keep tagging me to come back.

I also see that you’ve still added 0 to the conversation.

So great work, I guess.

I’m not backpedaling, you can’t seem to handle just being wrong.

Here we are with two whole threads in two sub forums and look the world is still spinning blessed by Kyle himself. This one that gets more unique views than the sub forum you linked.

So keep up the good work at trying to be snarky then defending it to the death.
 
So Valve hasn't even acknowledged it, and the ppl at HackerOne keep saying it is out of scope, just because he used a 3rd party utility to make reg adds easier? That shit is not hard to do all commandline...

ugh..

Gabe and company are hard at work on a fix as we speak...it's on the to do list right after finishing Half Life 3
 
Gabe and company are hard at work on a fix as we speak...it's on the to do list right after finishing Half Life 3

Wrong. Half-Life 3 was finished long ago. If you need proof, tell me where it is.

tee hee hee
 
Half-Life 3 obviously needs administrative rights to run, because it's so incredible it replaces Windows with CitadelOS

How do you disable remote access on Windows 10? I use win specifically for games and nothing else.. my start menu still yells that it wants to get to know me better all the time too
 
I don’t use the top 10 list.

I use mengay/soapbox/news/FSFT.

This is important enough that cross posting isn’t a big deal.

Even el jefe agrees.

We’re all happy you knew but now a whole lot more do. Now go untwist those dirty knickers.

I use the Bottom 10 List. Makes my X58 rig feel current and edgy.
 
I might be missing something but it sounds to me like it requires either the ability to download and execute a file or downloading a malicious game directly from Steam, if that's the case it seems like a rather narrow attack vector. Obviously any escalation of privileges exploit is something that needs to be fixed but I'm more concerned the group they use to screen exploit reports didn't feel like it was something worth fixing at all.
 
You'd think after the FighterAce thread people would learn not to dig themselves into a hole. :p
 
I mean fighterace turned off notifications though.

Dastardly bastard he is.
 
I might be missing something but it sounds to me like it requires either the ability to download and execute a file or downloading a malicious game directly from Steam, if that's the case it seems like a rather narrow attack vector. Obviously any escalation of privileges exploit is something that needs to be fixed but I'm more concerned the group they use to screen exploit reports didn't feel like it was something worth fixing at all.

There are thousands of games from thousands of developers on Steam, many of them from no name indie developers. That's a large amount of people that could sneak an exploit into their game.

But you don't just have to worry about the developers being malicious, a hacker could compromise a developer and put the hack in their game without them knowing. There are a lot of exploits around doing that and a lot of amateur developers on Steam.

And you also have to worry about every other program you decide to download and run getting unrestricted access just because you have Steam installed.
 
There are thousands of games from thousands of developers on Steam, many of them from no name indie developers. That's a large amount of people that could sneak an exploit into their game.

But you don't just have to worry about the developers being malicious, a hacker could compromise a developer and put the hack in their game without them knowing. There are a lot of exploits around doing that and a lot of amateur developers on Steam.

And you also have to worry about every other program you decide to download and run getting unrestricted access just because you have Steam installed.

Those are all reasons to patch it but not reasons to worry about it IMO.

The only games I would worry about are sketchy looking f2p or trading card oriented games which I would never install and it's unlikely a dev would get their steam account hacked. Not to mention most people wouldn't think twice about UAC popping up when installing a game anyways so there's not much benefit.

You should always be careful of anything you download and run and once again when I do run something it usually pops a UAC warning anyways which is all this avoids. Apparently the POC also breaks both steam and msiserver which means it's anything but stealthy and a broken installer service would help limit any further damage.
 
The best thing about this thread isn't the news but those 2 guys fighting
The first rule of Fight Club: You do not talk about fight club.
The second rule of Fight Club, you DO NOT talk about fight club..

I might be missing something but it sounds to me like it requires either the ability to download and execute a file or downloading a malicious game directly from Steam, if that's the case it seems like a rather narrow attack vector. Obviously any escalation of privileges exploit is something that needs to be fixed but I'm more concerned the group they use to screen exploit reports didn't feel like it was something worth fixing at all.

Nothing needs downloaded for this attack vector, it can all be done with command line. The guy showing it to HackerOne used a utility that makes registry adds easier, but that is not at all necessary to pull this off.

The shit needs fixed...
 
Nothing needs downloaded for this attack vector, it can all be done with command line. The guy showing it to HackerOne used a utility that makes registry adds easier, but that is not at all necessary to pull this off.

The shit needs fixed...
From what I read it used that to create the symlinks required for the escalation of privileges but still required downloading and executing a malicious file. I could be wrong though since the Ars article is a mess, they spend half the time ranting and don't do a very good job explaining critical steps.

I do agree it needs fixed and Valve certainly deserves some flak for handling it poorly but I don't see this as a very scary exploit.
 
From what I read it used that to create the symlinks required for the escalation of privileges but still required downloading and executing a malicious file. I could be wrong though since the Ars article is a mess, they spend half the time ranting and don't do a very good job explaining critical steps.

I do agree it needs fixed and Valve certainly deserves some flak for handling it poorly but I don't see this as a very scary exploit.

Yes you still need to DL a malicious file, but the argument is that with the 100k+ (just a number I picked outta my rear end) different games on Steam and with the fact that Valve doesn't inspect source code at all means it would be very easy for a "developer" to do this knowingly not unknowingly due to being compromised on their end.

HackerOne should lose their bug bounty program from Valve over this. The guy got fed up and just decided to scorch the Earth to bring attention to it. I dunno if that was right or wrong, but Valve cannot ignore it anymore.
 
From what I read it used that to create the symlinks required for the escalation of privileges but still required downloading and executing a malicious file. I could be wrong though since the Ars article is a mess, they spend half the time ranting and don't do a very good job explaining critical steps.

I do agree it needs fixed and Valve certainly deserves some flak for handling it poorly but I don't see this as a very scary exploit.
Most attack vectors require downloading something. It doesn't have to be through Steam in this case, it could be anything. The issue is that this exploit doesn't require special privileges, so it can be trivially executed and your whole PC could be compromised without gaining access to admin rights. This is a huge issue.
 