Steam fixes 10-year-old critical remote code execution vulnerability

A exposure in the Steam guest was an open door to hackers for more than 10 years. The vulnerability was discovered by security system researcher Tom Court of Contextis, who warned Steam and the good intelligence is that it was quickly shut pop away Steam developers Valve.

According to Court, Steam software allowed malicious hackers to carry remote codification execution attacks. Therein way, it was possible to control a user's machine – The exposure was highly crucial since more 15 million people are victimisation Steam.

This happened because Steam sent UDP (Drug user Datagram Protocol) packets to communicate with the client. The UDP packet is similar to TCP (TCP), however, IT is faster. To exploit the vulnerability, an attacker only had to send an altered UDP packet.

According to Valve, in that respect is no indication that spiteful hackers took advantage of the vulnerability

"The fault was caused by the petit mal epilepsy of a pandurate check to ascertain that for the foremost bundle of a fragmented datagram the specific packet size up is less than or equal to the complete distance of the datagram. present for all subsequent packets carrying fragments of the datagram," noted the researcher in his blog.

After the Steamer client encountered this unsuccessful person, the computer storage limits of the software were popped upward in one of the libraries. In this way, the node became a door open to hackers.

According to Valve, there is no indication that malicious hackers took advantage of the vulnerability. If you have Steam clean on your simple machine, guarantee that the latest version is installed.

I am a U.K.-based cybersecurity journalist with a passion for covering the latest happenings in cyber surety and tech world. I am also into gaming, reading and investigatory journalism