Steam security is vulnerable for 72 million of Windows 10 users thanks to zero day exploit
1 min. read
Published on
Share this article
Improve this guide
Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more
Valve may have the biggest PC gaming storefront with Steam but their popular storefront may not be very secure for millions of Windows 10 gamers.
Discovered by “Windows Privilege Escalator” Vasily Kravets, Valve’s digital video game megastore is vulnerable to a “zero day” exploit. After discovering the vulnerability, Kravets submitted his findings to Steam. Steam has not responded.
“45 days have gone since the initial report, so I want to publicly disclose the vulnerability,” Kravets said. “I hope this will bring Steam developers to make some security improvements.”
Kravets’ discovery is a huge issue for Windows gamers. His findings are worrisome: his discovery of a privilege escalation exploit allows any attacker to gain the same permissions as a Steam admin. Windows 10 users would be open to a variety of attacks including, but not limited to, the following: remote installation of malware; data theft; password leaks; viewing of private information and more.
“Some of the threats will remain even being run without administrator rights,” Kravets said. “the high rights of malicious programs can significantly increase risks, programs could disable antivirus, use deep and dark places to hide and change almost any file of any user, even steal private data.”
