Do you like playing games on Steam? If so, you need to pay attention to this news. It is reported that steam security is vulnerable for millions of Windows gamers. Come to this post, you will get some useful tips to mitigate the security risk.
About Steam Security Risk Warning
Steam, a widely popular gaming platform used by millions of gamers, is vulnerable to a “zero-day” security vulnerability, experts have warned. According to the new findings, this security vulnerability makes around 72 million Windows users take the risk of having their system taken over by attackers, then they install malware, compromised passwords and more.
Steam security risk warning was revealed by the researcher Vasily Kravets, who found a privilege escalation vulnerability could give an attacker with minimal user permissions to get the same level of access as the system administrator.
Some of the threats caused by the vulnerability will keep running even without administrator rights. The high rights of malicious applications could increase security risks, disable antivirus feature, and even steal private data like credit passwords.
You may also be interested in Critical Windows 10 Warning: Millions of Users at Risk.
Why This Issue Has Not Been Fixed Yet?
Although Kravets submitted his report about Steam security risk waring, but the affected businesses need some time to fix the vulnerabilities in their software.
According to the initial report, the reason why the vulnerability has not been fixed yet is due to the HackerOne bug bounty system supported by Steam. The Register reported that it was rejected by HackerOne for being out of scope because the attack required “the ability to drop files in arbitrary locations on the user's file system”.
However, this researcher still convinced HackerOne is responsible for this valid and serious vulnerability, and the Steam gamers warned of Windows 10 security risk report was sent to Valve but rejected again a few weeks later.
“We understand hackers are passionate about their work and security and we have policies in place to handle their concerns, with the last resort being public disclosure after 180 days have elapsed without the security team setting a vulnerability disclosure deadline,” a HackerOne spokesperson says, and continuing “we have now re-opened the issue and are in dialogue with the hacker in question to work through the frustration”.
What Can Windows 10 Gamers Do to Mitigate the Security Risk?
According to the proof of concept code published by John Opdenakker, an ethical hacker, it could be a matter of time before this is exploited in the wild soon.
When it comes to this problem critical Steam security warning, the critical thing you just need to remember is that the attacker needs access to the target PC to begin with. So, there are several tips with regard to stopping the vulnerability from happening:
- Do not install any cracked applications.
- Do not use the same passwords for multiple services and sites.
- It would be better employ two-factor authentication if possible.
- Never click any links in unsolicited emails.
- Apply operating system patches and the latest system updates.
- Install the safe and effective antivirus software.