
Since the proof-of-concept code has already been published, it is likely that we'll see the vulnerability exploited in the wild soon. The vulnerability has not yet been fixed, because Kravets initially reported it through the HackerOne bug bounty system. His report was initially rejected by HackerOne as out of scope because the attack required “the ability to drop files in arbitrary locations on the user's filesystem,” according to The Register. After Kravets convinced HackerOne that the vulnerability was both valid and serious, his report was sent to Valve and rejected again a few weeks later. Typically, researchers wait 90 days before publicly disclosing a vulnerability, as this gives the affected businesses time to fix the vulnerabilities in their software.

Kravets disclosed his findings just 45 days after submitting his report on the matter to Valve.

The vulnerability affects the Steam Client Service, which launches with full system privileges on Windows. Kravets discovered a way to modify the system registry so that the Steam service could be used to execute another application with the same elevated privileges. Unfortunately, proof-of-concept code has already been made available by security researcher Matt Nelson, which makes the vulnerability even more serious, as potential attackers now know how to exploit it.
