Home Latest Cyber Security News | Network Security Hacking Valve Finally Patched A Steam RCE Vulnerability That Waited A Fix For Two Years
Latest Cyber Security News | Network Security HackingNewsVulnerabilities

Valve Finally Patched A Steam RCE Vulnerability That Waited A Fix For Two Years

by Abeerah Hashim
written by Abeerah Hashim
ownCloud vulnerabilities

Valve, the giant behind the popular gaming platform Steam, had lately addressed a years-old flaw. The vulnerability that received the fix could allow RCE attacks by sensing malicious Steam game invites.

Steam RCE Vulnerability Exploiting Game Invites

A security researcher with alias Florian has recently disclosed a vulnerability that affected the Steam engine. The vulnerability could allow remote code execution (RCE) attacks merely by sending malicious game invites.

Sharing the details in a post, the researcher revealed that inviting friends on Steam allows a gamer to add arbitrary commands to the invite (if the game hasn’t started). This could mean making trivial tweaks such as modifying the game language, sensitivity, resolution, and more.

While that already sounds like an issue, what made it a security flaw is the Source RCON Protocol. It allows server owners to execute commands in the context of their game servers. Abusing this feature would allow RCE attacks.

Technical details of this bug are available in the researcher’s post. Whereas the following video is a demonstration of the PoC.

Patch Arrived After Two Years

Being a vulnerability in the game engine, the bug indirectly affected numerous games as well, including Team Fortress 2 and Counter Strike: Global Offensive.

The researcher first reported the flaw to Valve back in 2019 via HackerOne. However, the bug remained unpatched despite its severity.

Recently, Motherboard also reported in detail how this flaw affected CS:GO gamers by allowing full system takeover by an attacker.

Finally, after all these reports, Valve has deployed a fix for this bug on April 17, 2021. The vulnerability has received the ID CVE-2021-30481 and a critical severity rating with a score of 9.0.

While Valve has addressed this bug in Steam after about two years, the platform still isn’t secure enough yet. Many other researchers have also reported a delayed response from Valve in addressing security bugs. Still, many more flaws await a patch. Therefore, all gamers should remain very careful for potential cyberattacks.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...

LayerSlider WordPress Plugin Vulnerability Affected Thousands Of Websites

OWASP Disclosed Data Breach Affecting Old Members

Center Identity Launches Patented Passwordless Authentication for Businesses