Independent researcher Vasily Kravets found a security flaw in the Steam game platform. Kravets said that all Windows versions of the Steam client have this vulnerability, which allows attackers to escalate privileges on the victim's computer to the highest level of permissions, thereby manipulating the victim's client.
Kravets discovered that a user can list the subkeys under the "HKLM\Software\Wow6432Node\Valve\Steam\Apps" main registry key. "Here I found that HKLM\SOFTWARE\Wow6432Node\Valve\Steam has explicit 'full control' for 'users' group, and these permissions inherit for all subkeys and their subkeys," Kravets explained. His results show that, by using a symbolic link attack, access to a registry key can be gained through a subkey. This means that attackers can escalate to the highest administrative privileges by using symbolic link attacks.
Steam has more than 1 billion registered users and 90 million active users worldwide, so such vulnerabilities can have a significant impact. After Kravets announced the details of the vulnerability, Steam updated its client. However, Kravets said the security patch did not work.
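
The registry permissions Kravets describes can be audited on a Windows machine. The PowerShell below is an added example, not code from Kravets or Valve; the function name and the list of low-privilege groups are assumptions made here. It walks the key named in the quote and reports every allow entry that gives an unprivileged group write-level rights, including inherited ones.

```powershell
# Added example: audit a registry tree for ACEs that let unprivileged users modify keys.
# Function name and the low-privilege SID list are choices made for this example.
function Find-UserWritableRegistryKey {
    param([string]$Root = 'HKLM:\SOFTWARE\Wow6432Node\Valve\Steam')

    # Well-known SIDs for groups that any local, non-admin user belongs to.
    $lowPriv = @{
        'S-1-1-0'      = 'Everyone'
        'S-1-5-11'     = 'Authenticated Users'
        'S-1-5-4'      = 'INTERACTIVE'
        'S-1-5-32-545' = 'BUILTIN\Users'
    }
    # Rights that allow changing a key; FullControl contains all of them.
    $R = [System.Security.AccessControl.RegistryRights]
    $mask = [int]($R::SetValue -bor $R::CreateSubKey -bor $R::CreateLink -bor
                  $R::Delete -bor $R::ChangePermissions -bor $R::TakeOwnership)
    $mask = $mask -bor 0x10000000 -bor 0x40000000   # GENERIC_ALL, GENERIC_WRITE

    if (-not (Test-Path -LiteralPath $Root)) { return }
    $keys = @(Get-Item -LiteralPath $Root) +
            @(Get-ChildItem -LiteralPath $Root -Recurse -ErrorAction SilentlyContinue)

    foreach ($key in $keys) {
        try { $acl = Get-Acl -LiteralPath $key.PSPath -ErrorAction Stop } catch { continue }
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            try {
                # Compare by SID so the check works on localized Windows installs.
                $sid = $ace.IdentityReference.Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
            } catch { continue }
            if (-not $lowPriv.ContainsKey($sid)) { continue }
            if (([int]$ace.RegistryRights -band $mask) -eq 0) { continue }
            [pscustomobject]@{
                Key       = $key.Name
                Principal = $lowPriv[$sid]
                Rights    = $ace.RegistryRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

Find-UserWritableRegistryKey | Format-Table -AutoSize
```

An empty result means no listed group holds write-level rights on the tree; any row under HKLM for these groups deserves review, since services running as SYSTEM often trust values stored there.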