Valve may have the biggest PC gaming storefront with Steam but their popular storefront may not be very secure for millions of Windows 10 gamers.
Discovered by “Windows Privilege Escalator” Vasily Kravets, Valve’s digital video game megastore is vulnerable to a “zero day” exploit. After discovering the vulnerability, Kravets submitted his findings to Steam. Steam has not responded.
“45 days have gone since the initial report, so I want to publicly disclose the vulnerability,” Kravets said. “I hope this will bring Steam developers to make some security improvements.”
Kravets’ discovery is a huge issue for Windows gamers. His findings are worrisome: his discovery of a privilege escalation exploit allows any attacker to gain the same permissions as a Steam admin. Windows 10 users would be open to a variety of attacks including, but not limited to, the following: remote installation of malware; data theft; password leaks; viewing of private information and more.
“Some of the threats will remain even being run without administrator rights,” Kravets said. “the high rights of malicious programs can significantly increase risks, programs could disable antivirus, use deep and dark places to hide and change almost any file of any user, even steal private data.”