Second Steam Zero-Day Impacts Over 96 Million Windows Users (Aug 21, 2019)
Russian security researcher Vasily Kravets has identified a second zero-day vulnerability in the Steam Windows client. The vulnerability is a privilege escalation that could allow an attacker to use Bait-and-Switch, a technique for attackers to run executables with limited rights, compromising the system and running a malicious payload. Steam has a user base of over 100 million, of which approximately 96 million users are affected by this vulnerability. Kravets reported the vulnerability to Valve, which banned him from its HackerOne bug bounty program. In responding to the vulnerability, Valve recognized that it had made a mistake in turning away Kravets.
Recommendation: Zero-day-based attacks can sometimes be detected by less conventional methods, such as behavior analysis and heuristic and machine-learning-based detection systems. Threat actors are often observed to use vulnerabilities even after they have been patched by the affected company. As this story portrays, it is crucial that policies are in place to ensure that all employees install patches as soon as they are made available in order to prevent exploitation by malicious actors.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.