Steam Windows Client Zero-day Privilege Escalation Vulnerability Affects Over 125 Million Users


Steam Windows Client

The Steam windows client privilege escalation vulnerability allows an attacker with normal user privilege can run arbitrary code as an administrator.

The Zero-day vulnerability was discovered by Vasily Kravets and the vulnerability resides in the Steam Client Service which was installed by steam for some internal purpose.

Steam Windows Client

While reviewing the SDDL (Security Descriptor Definition Language), the researcher noted that any user associated with the group “Users” are allowed to start and stop the programs. The SDDL is a string that defines user access rights in the text form.

Regardless of the user permission Steam sets explicit key permissions, full control for all the users under “Users” group, and the same permission inherited for all the subkeys and their subkeys.

Read more…