Valve Resolves Steam Gaming Client Vulnerability

The games company Valve Corporation known primarily for their gaming client Steam have updated it to resolve a critical vulnerability which has been inadvertently present within Steam for the last 10 years.

Why should this vulnerability be considered important?
Due to the many millions of Steam users and the fact this vulnerability is remotely exploitable (since the attacker does not need to first have access to the victim system) makes this vulnerability more serious. An attacker would only have needed to send malformed UDP (defined) packets to a victim system for it to have Steam carry out instructions of their choice.

This vulnerability was a buffer overflow (defined) within one of Steam’s internal libraries (the general concept of a code library is defined here); more specifically code that dealt with UDP datagram reassembly.

How can I protect myself from this vulnerability?
In July 2017, the Steam client added Address Space Layout Randomisation (ASLR)(defined) making exploitation of the vulnerability more difficult which would then only crash the Steam client. If however an attacker combined an information leak which exposed the memory address of vulnerable library, even with ASLR enabled the result would have been the same.

Valve patched this vulnerability on April 4th. The Steam client by default updates automatically. Please open it and allow it to update to resolve this vulnerability.

Thank you.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.