The Steam program, which gives access to a very popular platform for Valve players, is to have a serious security vulnerability. Almost 100 million users may be vulnerable to a potential attack.
Vasily Kravets was to discover a critical vulnerability in the Steam app. Already 45 days ago he was to contact Valve and inform the company about the problem. Lack of response from the creators of Steam caused that Kravets revealed his discovery through the microblogging service Twitter, which he reported, among others Forbes service.
A serious vulnerability in the Steam application
The Valve security error is related to the Steam Client Service, which runs Windows computers on administrator privileges. Changes in the system registry are to allow its use to users with limited permissions to run programs with full administrator rights.
This means that Steam can be a gateway for hackers to infect devices with malware. A critical vulnerability can be used to easily gain system privileges and to easily execute malicious code. This can lead to the theft of private data and theft of money.
Matt Nelson, who deals with security issues on a daily basis, also had to confirm the existence of a security problem. The problem is to affect over 96 million users of Steam applications on computers with Windows, of which up to 72 percent. uses the latest version 10.
What does Valve do with the Steam vulnerability?
Vasily Kravets pointed out that the vulnerability was initially reported using the HackerOne system (used for error detection), which is supported by Valve. His report was first rejected, but – after another contact – he was right and asked to keep the case secret.
However, the user has recently stated that Steam is doing nothing to fix the vulnerability, so they decided not to wait 90 days (companies are usually given a quarter to release the appropriate security patch). The problem in the public forum was revealed after 45 days, which is to force the developers to respond quickly.
Steam has not yet commented on this matter. The HackerOne team, in turn, indicated that they are currently talking to a “frustrated programmer.”
Remember to have a current anti-virus, here you will find a .