News

Steam gamers: your Windows PC is prone to privilege escalation attacks

Steam, a popular video game platform is vulnerable to privilege escalation attacks. On Windows PCs, Steam creates installation directories with improper permissions.

This can let a user, an attacker, or worse, malware abuse Steam executables to escalate privileges.

This week, Will Dormann, a vulnerability analyst at CERT/CC tweeted “You probably shouldn’t make your install dir world-writable. Unexpected stuff could happen.”

In his tweet, Dormann was referring to how his vulnerability report on the issue was closed by Valve—the company behind Steam.

According to Dormann, the company cited that “file placement” attacks were out of scope and closed his vulnerability report without further action.

The analyst further advised in the same thread, “Don’t run games on systems you care about, folks.”

“My bug was marked duplicate of a bug that was closed a year and a half ago. I don’t get the impression that they’re fixing it.”

On digging deeper, it seems Steam has received similar reports before concerning privilege escalation vulnerabilities either via Windows registry attacks or through file permissions, that were all dismissed.

For example, an advisory for a five-year-old vulnerability, CVE-2015-7985, states that the weak default permissions on Steam installation folders grant Windows users in a group both read and write access.

This means an attacker or a malicious program can modify or replace steam.exe with an arbitrary malicious binary.

Since steam.exe typically launches itself automatically on start, if an administrator was to log onto a shared system, the malicious code (now disguised as steam.exe) would execute with full admin rights, which can wreak havoc on the system and the network it is present on.

Likewise, another user had tweeted last year how Steam’s VDF files could be abused to launch arbitrary executables and gain persistence.

It does not appear the company plans on fixing these trivially fixable, yet serious flaws anytime soon.

In the meantime, users should refrain from installing Steam on mission critical systems.

Security Report reached out to Valve for comment but we did not hear back.

Ax Sharma

Ax Sharma is an Indian-origin British security researcher, journalist and TV subject matter expert with a focus on malware analysis and cybercrime investigations. His areas of interest include open source software security, threat intel analysis, and reverse engineering. Frequently featured by leading media outlets like the BBC, Channel 5, Fortune, WIRED, The Register, among others, Ax is an active community member of the OWASP Foundation and the British Association of Journalists (BAJ).

Recent Posts

Sea Turtle Cyber Espionage Campaign Targets Telecommunication and IT Companies in the Netherlands

Telecommunication, media, internet service providers (ISPs), information technology (IT)-service providers, and Kurdish websites in the…

11 months ago

Rogue WordPress plugin: Threat hunters uncover credit card skimming campaign targeting e-commerce sites

Rogue WordPress Plugin Found to Steal Credit Card Information in Magecart Campaign Threat hunters have…

11 months ago

Albanian Parliament and telco ‘One Albania’ suffer cyber attacks

The Assembly of the Republic of Albania and telecom company One Albania have recently fallen…

11 months ago

Carbanak Banking Malware Resurfaces with Updated Tactics in Ransomware Attacks

The banking malware Carbanak has resurfaced with updated tactics, incorporating attack vendors and techniques to…

11 months ago

Theme park giant Parques Reunidos hit by a ransomware cyber attack

One of the world's largest theme park operators, Parques Reunidos has disclosed a cybersecurity incident.…

2 years ago

Phishing kit screenshots your email domain on the fly to appear real

Phishing kit used by multiple hacked sites generates a log in page on the fly…

2 years ago

This website uses cookies.