Steam Zero-Day Vulnerability Affects Millions of Users (Aug 8, 2019)
The popular PC gaming platform Steam is affected by a zero-day vulnerability, experts have warned. According to new findings, approximately 72 million Windows users are at risk of having their systems taken over by a threat actor who could then compromise passwords, install malware, and steal data. The vulnerability was disclosed by security researcher Vasily Kravets, who discovered a privilege escalation flaw that could allow an attacker with minimal user permissions to gain the same level of access as the system administrator. The vulnerability affects the Steam Client Service, which launches with full system privileges on Windows. Proof-of-concept (PoC) code has been made available online. This makes the vulnerability more serious, because potential attackers now know how to exploit it and threat actors of varying levels of sophistication are more likely to attempt exploitation. At the time of this writing, Valve Corporation, the developer behind the Steam platform, has not yet fixed the vulnerability.
Recommendation: Threat actors have targeted gaming clients in the past, and it is likely that they will continue to do so as long as there is a chance to make an illicit profit. Steam has a high number of users, many of whom purchase games through the client and may have financial data saved from previous purchases that could be stolen. Furthermore, exploitation of the vulnerability could allow an actor to conduct other forms of malicious activity on a targeted Windows machine. To avoid falling victim to an attack, it is recommended that users follow standard security practices, including not using pirated software, not reusing passwords across multiple sites and services, and employing two-factor authentication. Users should also apply the latest system updates and patches, since an attacker would need access to a user's system to exploit this particular vulnerability.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.