CVE-2020-15530

Name of the Vulnerable Software and Affected Versions Valve Steam Client version 2.10.91.91

Description An issue was discovered in the Valve Steam Client. The installer allows local users to gain NT AUTHORITYSYSTEM privileges because some parts of %PROGRAMFILES(X86)%Steam and/or %COMMONPROGRAMFILES(X86)%Steam have weak permissions during a critical time window. An attacker can make this time window arbitrarily long by using opportunistic locks.

Recommendations For Valve Steam Client version 2.10.91.91, consider restricting access to the weakly permissioned parts of %PROGRAMFILES(X86)%Steam and/or %COMMONPROGRAMFILES(X86)%Steam to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.