As was reported earlier, Valve has released a patch that removes the Steam local privilege escalation (LPE) vulnerability on Windows systems. Nevertheless, cybersecurity experts believe that the underlying problems in this software are still present.
Initially, Valve did not want to release an update to close this gap, and said so to the experts who discovered it, Vasily Kravets and Matt Nelson. But then a wave of indignation rose among the company's users, and management had to change its mind and release a patch.
“To fix this, in the Steam Client Beta Valve made it so that the Steam service would check the subkeys of the HKLM\Software\Wow6432Node\Valve\Steam\Apps registry key using the RegQueryValueExA function”, comments Steam to Bleepingcomputer.
However, Mitja Kolsek, co-founder of 0patch and security researcher, said that the released update is not enough to completely eliminate the vulnerability, which can still lead to elevation of privileges on the system.
According to Kolsek, Valve fixed one of the vulnerabilities, but the problem is that the Steam Client Service has a number of similar security holes that experts have been warning about for a long time.
Attackers can use these flaws to escalate the privileges of their malware on the system. Mitja Kolsek specified that an attacker could exploit the remaining vulnerabilities using a method known as “DLL hijacking” (substitution of a DLL that a privileged process loads).
“A loophole for cybercriminals exists because the USERS group has full access to the Steam installation folder – C:\Program Files (x86)\Steam. This means that an attacker can simply replace the DLLs in this directory with malicious copies”, said Mitja Kolsek.
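As an added example (not code from the article, from Valve or from 0patch), the following PowerShell audit checks whether the Steam installation directory and the DLLs under it grant write access to broad groups such as Users, which is the precondition for the DLL hijacking Kolsek describes; the install path is assumed to be the default quoted above.

```powershell
# Added example: audit the Steam install directory for the weak ACL described
# in the article (write access for broad groups such as BUILTIN\Users).
# The path is an assumption: the default install location quoted by Kolsek.
param([string]$SteamPath = 'C:\Program Files (x86)\Steam')

# Principals that effectively mean "any local user".
$BroadPrincipals = @(
    'BUILTIN\Users', 'Everyone',
    'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE'
)

# Any of these rights lets a member create, overwrite, delete or swap a file;
# Modify and FullControl contain these bits, so they are caught as well.
[System.Security.AccessControl.FileSystemRights]$WriteMask =
    'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ' +
    'WriteAttributes, WriteExtendedAttributes, ChangePermissions, TakeOwnership'

function Get-WeakAce {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $who = $ace.IdentityReference.Value
        if ($BroadPrincipals -notcontains $who) { continue }
        if (($ace.FileSystemRights -band $WriteMask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $Path
            Principal = $who
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited   # inherited ACEs point at the parent
        }
    }
}

# Check the directory itself, then every DLL a privileged Steam process could
# load from it: a writable directory OR a writable DLL is enough for hijacking.
$findings = @(Get-WeakAce -Path $SteamPath)
$findings += Get-ChildItem -LiteralPath $SteamPath -Filter *.dll -Recurse -File `
    -ErrorAction SilentlyContinue | ForEach-Object { Get-WeakAce -Path $_.FullName }

if ($findings.Count -eq 0) {
    "No broad write access found under $SteamPath"
} else {
    $findings | Sort-Object Path | Format-Table -AutoSize
}
```

Reading ACLs does not require elevation, so the audit can run as a standard user; findings marked Inherited come from the parent directory's ACL and have to be addressed there.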