Security researcher Vasily Kravets (PsiDragon) released a proof of concept (PoC) for a second vulnerability in Steam client for Windows leading to privilege escalation. The vulnerability could be exploited using a command prompt window running with SYSTEM account privileges, the highest for a user on Windows. A few days later, Valve published a patch for the vulnerability, but could be easily bypassed by a way around the fix. On August 20, another researcher discovered another LPE in the Steam client, but he could not report it because after publishing his previous zero-day, he had been banned from Valve’s HackerOne bug bounty program.
Source: https://www.bleepingcomputer.com/news/security/steam-patches-lpe-vulnerabilities-in-beta-version-update/