Get a Pentest and security assessment of your IT network.

Cyber Security

Steam Patches LPE Vulnerabilities in Beta Version Update

Security researcher Vasily Kravets (PsiDragon) released a proof of concept (PoC) for a second vulnerability in Steam client for Windows leading to privilege escalation. The vulnerability could be exploited using a command prompt window running with SYSTEM account privileges, the highest for a user on Windows. A few days later, Valve published a patch for the vulnerability, but could be easily bypassed by a way around the fix. On August 20, another researcher discovered another LPE in the Steam client, but he could not report it because after publishing his previous zero-day, he had been banned from Valve’s HackerOne bug bounty program.

Source: https://www.bleepingcomputer.com/news/security/steam-patches-lpe-vulnerabilities-in-beta-version-update/

Related posts
Cyber Security

Zip Codes & PII: Are They Personal Data?

Cyber Security

Zero-Day Vulnerabilities: User Defence Guide

Cyber Security

Zero Knowledge Voting with Trusted Server

Cyber Security

ZeroNet: 51% Attack Risks & Mitigation