A second Steam Windows client zero-day privilege escalation vulnerability affecting over 96 million users has been publicly disclosed today by Russian researcher Vasily Kravets. The privilege escalation (also known as an elevation of privilege or local privilege escalation) security flaw can allow attackers with limited rights to use a technique known as BaitAndSwitch to run executables using the Steam Client Service’s NT AuthoritySYSTEM elevated permissions. This would allow potential attackers to launch a three-stage attack by exploiting a vulnerability in a Steam game, a Windows app, or the OS itself.
Source: https://www.bleepingcomputer.com/news/security/second-steam-zero-day-impacts-over-96-million-windows-users/

