Valve Finally Fixes The Steam Remote Code Execution Flaw
They Finally Got To The Source Of The Problem
When you are logged into Steam, generally your only concern was protecting your wallet and avoiding bad trades with strangers. However there was a much more sinister issue which Valve knew about but had not fixed until the people who discovered the remote code execution made it public.
There was a flaw in the Source Engine which allowed a nefarious person to gain control of your machine with a simple Steam invite. For whatever reason, when you accept an invite there was no actual limitation on what program was launched by that invite and a crafty hacker could launch anything they felt like on your machine.
That is just one vector for the remote code execution to be leveraged, for instance a person of low morals could create a public TF2 server, wait until there were a number of users playing and then leverage the security flaw to launch code on the machines of every single person connected to the server. The same goes for CS:GO and other less popular Source Engine games.
Now that it has been patched, Secret Group is working on releasing the full technical details on the flaw to the public. If you are curious what the bug was you should keep an eye out on their Twitter feed, which Rock, Paper, SHOTGUN linked to in their post.
Two years ago, secret club member @floesen_ reported a remote code execution flaw affecting all source engine games. It can be triggered through a Steam invite.
More Tech News From Around The Web
- Total War: Rome Remastered shows off quality of life updates in new trailer @ Rock, Paper, SHOTGUN
- Sony Set To Announce ‘PlayStation Plus Video Pass’ @ Slashdot
- Wasteland 3’s first story expansion launches in June with new conflicts @ Rock, Paper, SHOTGUN
- Humble Spring Into VR Bundle
- The Portal Reloaded mod adds a time travel portal and 25 new puzzles @ Rock, Paper, SHOTGUN
- Humble Down to Earth Bundle
- Outriders’ DLSS does a lot more than just improve performance @ Rock, Paper, SHOTGUN
- Resident Evil Village 1 hour demo coming to PC in May @ HEXUS
- Every DLC for Max Payne 3 and L.A. Noir is now free on PC @ Rock, Paper, SHOTGUN