DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
August 20, 2019 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 146 people online.

 

Latest Reviews
Ewin Racing Flash gaming chair
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
 

Follow us
RSS
 

Steam vulnerability can give malware full access to your system

Posted on Thursday, August 08 2019 @ 12:21:39 CEST by


Steam logo
After unsatisfactory dealings with HackerOne, which runs the Steam bug bounty program, security researcher Vasily Kravets publicly disclosed a 0-day escalation exploit in the Steam Client Services. The vulnerability allows malware to bypass Windows security and gain access to SYSTEM level privileges.
The vulnerability lies within Steam Client Service. The service may be started or stopped by unprivileged users. This becomes a problem because, when run,Steam Client Service automatically sets permissions on a range of registry keys. If a mischievous—or outright malicious—user were to symlink one of these keys to that belonging to another service, it becomes possible for arbitrary users to start or stop that service as well. This becomes even more problematic when you realize that it's possible to pass arguments to services that run under extremely privileged accounts—such as msiserver, the Windows Installer service.
Following several rejections from HackerOne, Kravets decided to publicly disclose the flaw. Full details at ARS Technica.



 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2019 DM Media Group bvba