Share this article

Improve this guide

New Steam vulnerability might put your personal data at risk

2 min. read

Updated onOctober 4, 2023

updated onOctober 4, 2023

Share this article

Improve this guide

Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more

Steamis one of the biggest gaming platforms in the world, and it’s used by a lot ofWindows 10users for their daily gaming sessions.

Now, millions ofWindows 10gamers could be at risk because of a “zero-day”securityvulnerabilitythat affectsSteam.

Steam’s security might be compromised

The issue was found by asecurityresearcher,Vasily Kravets, who stated that thevulnerabilitycould open the affected PCs tomalware attacks, data and password stealing, and more.

Here’s what thesecurityresearcher said in hispublic disclosure:

45 days have gone since the initial report, so I want to publicly disclose thevulnerability. I hope this will bringSteamdevelopers to make somesecurityimprovements. So, now we have a primitive to take control on almost every key in the registry, and it is easy to convert it into a complete EoP (Escalation of Privileges). After taking control, it is only necessary to change ImagePath value of the HKLMSYSTEMControlSet001Servicesmsiserver key and start “Windows Installer” service. The program from ImagePath will be started as NT AUTHORITYSYSTEM.

Escalation of Privileges in Steam may lead to data and password loss

This is aprivilege escalationvulnerabilitythat allows an attacker with minimal access permissions to get system admin permissions. This means that malware with these raised privileges could affect your privacy and personal data:

Some of thethreatswill remain even being run without administrator rights. […] the high rights of malicious programs can significantly increase risks, programs could disable antivirus, use deep and dark places to hide and change almost any file of any user, even steal private data.

This issue with theSteamClient Service is pretty big and could lead to many unwanted problems.

Share your thoughts aboutSteam‘s “zero-day”securityvulnerabilityin the comments section below and we’ll continue the talk.

More about the topics:Cybersecurity,windows 10

Vlad Turiceanu

Windows Editor

Passionate about technology,Windows, and everything that has a power button, he spent most of his time developing new skills and learning more about the tech world.

Coming from a solid background in PC building and software development, with a complete expertise in touch-based devices, he is constantly keeping an eye out for the latest and greatest!

User forum

0 messages

Sort by:LatestOldestMost Votes

Comment*

Name*

Email*

Commenting as.Not you?

Save information for future comments

Comment

Δ

Vlad Turiceanu

Windows Editor

Coming from a solid background in PC building and software development, he’s a Windows 11 Privacy & Security expert.