Independent researcher Vasily Kravets found a loophole Steam gaming platform. Kravets said that all Windows versions of the Steam client there is this vulnerability that could allow hackers to upgrade rights on the victim computer to the highest levels of privilege, to manipulate the client victims.
Kravets found that users get a list of sub-item under "HKLM \ Software \ Wow6432Node \ Valve \ Steam \ Apps" master registry key. "Here, I found HKLM \ SOFTWARE \ Wow6432Node \ Valve \ Steam on the 'user' group has a clear 'full control', and these permissions inherits all the sub-keys and their sub keys," Kravets explained. The results show that by using a symbolic link attack, a child can access the registry key. This means that hackers can be upgraded by using a symbolic link attack to the highest privilege management authority.
Steam has over 10 million registered users and 90 million active users worldwide, these vulnerabilities can have a significant impact. After the details of this vulnerability Kravets announced, Steam has updated its clients. However, Kravets said that security patches are not available.