New Steam Windows client privilege escalation vulnerability impacts over 96 million users
- The vulnerability could allow an attacker to launch a three-stage attack by exploiting a vulnerability in a Steam game, a Windows app, and the OS, and gain SYSTEM permissions on the compromised machine.
- This would allow the attackers to disable the firewall and antivirus, install a rootkit, steal any Windows user’s private data, hide a process-miner, and more.
What is the issue?
Security researcher Vasily Kravets has disclosed a second privilege escalation zero-day vulnerability in Steam that impacts over 96 million Windows users.
More details on the vulnerability
This privilege escalation vulnerability could allow attackers with limited rights to use a technique known as BaitAndSwitch and run executables using the Steam Client Service's NT AUTHORITY\SYSTEM elevated permissions.
This would allow the attackers to launch a three-stage attack:
- by exploiting a vulnerability in a Steam game,
- by exploiting a vulnerability in a Windows app,
- by exploiting a vulnerability in the OS.
After these stages, the attackers gain remote code execution privileges on the compromised device, which enables them to run a malicious payload using SYSTEM permissions.
What is the impact?
This privilege escalation vulnerability could allow an attacker to disable the firewall and antivirus, install a rootkit, steal any Windows user’s private data, hide a process-miner, and more.
“Despite any application itself could be harmful, achieving maximum privileges can lead to much more disastrous consequences. For example, disabling firewall and antivirus, rootkit installation, concealing of process-miner, theft any PC user’s private data — is just a small portion of what could be done,” the researcher said.
The researcher also created two video demos for this latest Steam privilege escalation vulnerability, describing how attackers could gain SYSTEM permissions on any Windows system by exploiting the vulnerability.