Valve Finally Fixes The Steam Remote Code Execution Flaw

Source: Rock, Paper, SHOTGUN Valve Finally Fixes The Steam Remote Code Execution Flaw

They Finally Got To The Source Of The Problem

When you are logged into Steam, generally your only concern was protecting your wallet and avoiding bad trades with strangers.  However there was a much more sinister issue which Valve knew about but had not fixed until the people who discovered the remote code execution made it public.

There was a flaw in the Source Engine which allowed a nefarious person to gain control of your machine with a simple Steam invite.  For whatever reason, when you accept an invite there was no actual limitation on what program was launched by that invite and a crafty hacker could launch anything they felt like on your machine.

That is just one vector for the remote code execution to be leveraged, for instance a person of low morals could create a public TF2 server, wait until there were a number of users playing and then leverage the security flaw to launch code on the machines of every single person connected to the server.  The same goes for CS:GO and other less popular Source Engine games.

Now that it has been patched, Secret Group is working on releasing the full technical details on the flaw to the public.  If you are curious what the bug was you should keep an eye out on their Twitter feed, which Rock, Paper, SHOTGUN linked to in their post.

Two years ago, secret club member @floesen_ reported a remote code execution flaw affecting all source engine games. It can be triggered through a Steam invite.

Video News

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.

Leave a reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest Podcasts

Archive & Timeline

Previous 12 months
Explore: All The Years!