Steam is literally letting anyone steal your passwords

>steam refuses to patch a 0day that can take over the computers/passwords of every single windows steam user
>now its public on github for anyone to exploit
>steam still don't do shit

>“I choose key HKLM\SYSTEM\ControlSet001\Services\msiserver that corresponds with the service “Windows Installer”, which can be started by any user, same as Steam’s service, but run program as NT AUTHORITY\SYSTEM.”
>“After taking control, it is only necessary to change ImagePath value of the HKLM\SYSTEM\ControlSet001\Services\msiserver key and start “Windows Installer” service. The program from ImagePath will be started as NT AUTHORITY\SYSTEM.”

>tfw lost my password

Who cares you nerd.

Have sex.

>logging into a steam account on a public computer in a shitty arcade
You fucking deserve to be doxxed for your stupidity

Stop scaring me, faggot.

Why should I care?

this is not how it works, ANY script that call to steam service on any website can execute anything as admin or any random update on any shitty f2p game on steam

>you don't own your games
>you don't even own your passwords
>you don't own nothin'

>EPIC IS SPYWA----
OH NO NO NO NO STEAMDRONES

stop being entitled fag

I tried warning you guys

I own things, I'm a console gamer not a PC gamer.

>The privilege escalation researcher Felix reported the vulnerability to Valve via HackerOne. He says HackerOne reviewed and confirmed the flaw and reported that they sent the vulnerability to Valve. Felix commented in his post that: “45 days have gone since the initial report, so I want to publicly disclose the vulnerability. I hope this will bring Steam developers to make some security improvements.”

So this is the power of a billionaire company uh

Finally someone made a proper thread.

Now you drones have no more escape.

Privilege escalation on Windows is not even a vulnerability, you just assume anything can become admin because that's how it always has been and that's how it always will be.

>not having 2 step authentication
LMAO

cvedetails.com/vulnerability-list/vendor_id-1613/Epic-Games.html
or
cvedetails.com/vulnerability-list/vendor_id-15413/product_id-31719/Valve-Steam.html

is really making me think

Is not about your steam passwords you retarded piece of shit, its about everything on your computer including your computer itself, you can get your drive encrypted and ransomwared

then i'll just get a new hard drive doesnt matter to me LMAO

Do you have actual proof of concept? CVE details? Anything sourced besides your ass?

amonitoring.ru/article/steamclient-0day/

i'll just format the drive or change it :DD

you should just kill yourself

FUD

NO NO NO NO NO

this can't be happening, Gabe would never do this to us

ITS THE FUCKING CHINKS MAN

gist.github.com/enigma0x3/03f065be011c5980b96855e2741bf302
public POC

What do you want me to do about it?

>Some weeks later, another (third) H1 member marked report as “N\A”. Now there were two causes: «Attacks that require the ability to drop files in arbitrary locations on the user's filesystem» and «Attacks that require physical access to the user’s device». Here I realized that Valve has no interest in EoP vulnerabilities.

Yeah, makes sense. This is the general rule of thumb. If someone has physical access to your machine, then its assumed they've compromised it anyways. Nobody cares about local exploits.

>steamcucks stay silent and ignore the thread

imagine if this was in EGS

this is a vulnerability on steam that will get patched, epic client is malware on its own

How about you stop using steam?

There’s another, better digital game platform. And it’s called Epic Game Store.

all I see is that DRM is cancer, Steam less so but its cancer nonetheless

IT'S BEEN KNOWN FOR 45 DAYS YOU FUCKING DRONE

But Epic Store is spyware

What's the point of exploits that you need physical access for?

>stop using steam
ok
>use epic
haha no
anything else?

i love beijing tiananmen

OH NONONONONO THE TRANNIES SAYING EGS IS SPYWARE WERE BSING ALL ALONG

>I dont know what an embargo is
It's only been known by a few people, the researcher, the people who he's turning the exploit in to, and anyone else who may have found the exploit probably also researchers.
glow in the darks

>2019
>he still doesn't know about 2factor

>valve drones intentionally lie about egs being spyware
>meanwhile this shit is actually happening to steam
are valve cucks the most disingenuous faggots possible?

Ok so now tell me exactly how this exploit is going to hurt me epicfags.

>he still doesn't know how to read

see

>trying to justify Valve

Epic is the only choice

it wont hurt you
its just epicshills trying to start shit

I don't quite understand.
Can someone explain it to me?

>every week get an email because someone is trying to login to my epic account
>every week don't get an email because someone is trying to login to my steam account

Send this shit to kotaku, polygon, and pcgamer you idiots. Get some real heat on Valve's ass.

He just can't stop winning.

If you let bad man onto your computer in real life, they can do bad things like force Steam to give them escalated privileges even though everyone just uses an administrator account anyways.

how bout origin? does origin have this issue? How about uplay?

Don't need to read it because I don't care chink.

Hey chang, I don't know if you're aware, but writing to HKLM requires admin in the first place, so the EoP is practically useless

He looks like that dog. You know the one, that one.

it's a fucking physical access exploit
besides net cafe third worlders, who cares?

just the opposite for me, I get dozens of account recovery requests for my steam account every month, nothing for my epic account. I figure it's cause I've got about 3000 games on steam. I have 2fa on both at least but it's a real fucking hassle.

>egsniggers thinking this means anything and spamming like the retards they are while steamchads know it's literally nothing

So it's an exploit if you have to share a computer with your family and you want to ruse cruise one of them?

>well, how ever

And for a second I assumed it was something of importance.
Thanks user.

DELET THIS

it's gonna take major abuse or half a year until valve will fix it. idk what the fuck valve is doing but it really feels like they have 6 million accountants and maybe 5 people actually coding stuff.

>it's gonna take major abuse
it's not even going to affect a single person

a billionaire dog user

Annoy Jason Schreier enough and he might take a look.

>send your laptop to repair
>mr repairman uses this exploit and gets all your data

an unpatched exploit is still an exploit u fucking drone

nice try Zhang

THIS MATTERS BECAUSE STEAM DOESN'T EVEN CURATE ANYMORE YOU FUCKING DRONES

SO ANY SHMUCK CAN GET IDIOTS TO DOWNLOAD THEIR F2P STEAM GAME AND FROM THERE SHIT'S OVER

EPIC MIGHT BE SPYWARE
BUT STEAM LITERALLY IS A BACKDOOR FOR SPYWARE

>laptop
literally fuck off and kys

Basically someone who is physically at your computer and logged in can now give admin privilege to a program without clicking the "run as admin" pop-up

>he thinks some gook/gopnik hacker man will waste their time holding your humble bundle games and futa porn hostage for 50 ETH

Im not saying its impossible, just that its not going to happen in your lifetime. same with meltdown/specter. no one is going to steal your porn bro.

its unironically not + drm free

>sue repairman
>get enough money to buy steam account library over and over
wow
its almost like people who are at work still have to follow rules and have ethics

>Windowvirgins BTFO
>applechads won again

Linux wins again!

well, they were tradescamming little kids for hats and shit on daily basis for years, they are the lowest life forms imaginable

I'll have you know I have a LOT of very good futa porn...

didnt gaben offer something to anyone that could log into his account?

well mr repairman can do that without steam anyway

MOTHERFUCKER, it took me ages to get rid of that stupid ass song out of my mind, how can such nonsensical trash be so catchy.

I guess I am a Sweeney missile now.

The thing is that nerd wants a bounty and valve ignored his ass because it's a local exploit not applicable to their bounty program
The retard went to Reddit to shill his shit, and journos took the story from there
Valve still ignored as they should

>exploit that NEEDS your PC to already be compromised to do anything at all
>And even then only one method to achieve UAC bypass

Oh nooooooooo what a disasteeeeer.

Mr. Repairman has admin access BECAUSE I'VE JUST GIVEN HIM THE FUCKING COMPUTER ANYWAY YOU MUPPET.

He offered all the games on Steam if they could. I distinctly remember that marketing gimmick.

If you send in your laptop for repair they can get your data regardless of the exploit or not idiot

If you let someone else use your steam account, then they can use your steam account.

God help us all.

You're a retard

Is Epic really trying to push this shit? Of course your shit is going to be compromised if you allow someone admin auth on your system.
If you are allowing people access to your system, you deserve this.
If you are allowing 3rd party sites to access your system, you deserve this.

The Rape of Nanking is Imperialist propaganda and never happened. Xi abolished term limits and Mao killed 100 million gookoids in a magnificent Leap Forward.

There's at least one EGS shill that'll hack his own computer (i know) just to post a reddit thread about it.

>a real exploit compared to the epic store spyware fake news
>n-no its not r-relevant
steam drones not even fucking once, get a fucking grip

I don't remember if he promised anything, but he gave out his account and password and wanted people to try and log in.

Running as system is not the same as being an admin
System can do anything

>laptop
>not knowing how to fix shit yourself

God fucking damn it you're all retards.

Stop shitposting and baiting steamdrones you autistic epic shills.
We could have had proper discussion about it but you have to start off with consolewars instead of actual legitimate discourse.

aHEM FUCK STEAM AND FUCK EPIC

>Downloading random, shitty F2P games.
>Assuming any dev would exploit this when there's nothing to gain in the first place

What would Johny McDev do? Format my drive? Scan my files in hopes of finding allmycreditcardnumbersandsecuritycodes.txt? Yeah that sounds worth the price of being banned from Steam forever and facing charges.

so? gaben is above passwords!

escapistmagazine.com/news/view/108247-Gabe-Newell-Gives-Away-Personal-Steam-Password

retarded frogposter

>walking away from your PC while leaving yourself logged into Steam is now an exploit

Does not locking your car door count as an exploit for a carjacker, or are you just an idiot?

It doesn't change any of the facts that this still requires local access and it doesn't change the fact that SYSTEM won't do any more damage than an Admin account

>share a computer
>not even get hacked but someone doing the equivalent of installing malware from shady chink sites anyways
Wooooooow thanks valve

wonder how much tim payed this guy to try to find an exploit

>requires admin privileges to pull off, rendering the escalation of privilege practically worthless because if you already have admin there are much better ways of obtaining NTAUTHORITY/SYSTEM
nice exploit

Not going to read any of that faggot nerd shit, the thread says steam is letting people steal my password when that literally doesn't matter because of steam guard.

There is nothing to discuss. There is no way for this to happen unless you are intentionally trying to make it happen.
If you were allowing physical access to your device you are an idiot. This was known in the 70s.

You are supposed to have a password on your admin account, user.

Way to prove you're a fucking retard once again

why are you lying you fucking faggot, its literally the opposite
>You can grant system rights to programs without having admin rights, if you have steam installed.

>payed
It's paid.

why would you give him your admin password?

>epicshills crying about a security flaw that requires physical access to your computer
Grasping at straws here drones. Meanwhile, let’s see what epic itself has to say, oh yeah, “password successfully changed :)”

You also aren't supposed to let 3rd parties fix your machine. Learn to do it yourself for self sufficiency and to avoid situations exactly like this.

You can't write to HKLM without admin, retard

This thread just confirms that epic niggers are absolutely fucking retarded

Go and show me how you plan to write to HKLM without admin rights, because to pull off the exploit it requires you write to there

same shit

the band is good tho

even if they have my password they can't get past the 2FA

PEOPLE HAVE LITERALLY RECREATED THIS EXPLOIT YOU GOD DAMN FUCKING D R O N E S

This honestly. There's a reason that big ransomware attack last year targeted government organisations and businesses - they have money.
Realistically, how much ransom could you get from some autist with 250 indie games in his steam library installed via keys?

If you're dumb enough to get someone else to fix your computer, you're dumb enough to give them your password when they ask for it. Cause they will ask for it. Every time I've had to deal with IT they ask me for shit so they can "test the computer" and I just tell them to fuck off and deal with it myself.

There is new steam exploit every month, it has been like this for literally 13 years. No one cares anymore

Steambros have nothing to worry about since their inventories are worthless now anyways.

>sending your laptop in to some shady asshole on the street
>at all

OH NO NO NO NO

you fucking retard you dont need admin for that, you can literally hack university computer with that subhuman, with steam as spyware

>someone got access to my computer, open my case and reset my BIOS password using a jumper
>WOOHOO MY PC GOT HACKED
I know Yea Forums is retarded, but damn.

>EoP exploit
>that requires admin access to execute
wow, its actually nothing

>he's not running Steam on Linux instead of Winblows

OH NO NO NO

Protonchads playing all your gay windows games with none of the BS

social.msdn.microsoft.com/Forums/vstudio/en-US/46b8d4a8-a99c-4796-9b94-4d493aac6674/how-we-can-get-write-access-in-hklm-hkeylocalmachine-without-admin-account?forum=vcgeneral

stackoverflow.com/questions/4844441/changing-registry-without-admin-rights

YOU CANNOT DO IT
RETARD

>"""vulnerability""" in how Windows services are programmed
>b-but it's Valves fault!
How many games does Sweeney wanna bet that it also doesn't apply to any launcher

>reset my BIOS password using a jumper
>jumper

have you seen modern mobos you fucking dumb boomer, go back to the 1990s

wtf, uninstalling steam right now bros, time to get Epic Store

>using ransomware
Literally the nigger of malware. There are so many better options than ransomware

Wow biiiiiiig deal. Enable two step verification and nobody can do jack shit to you. I've been getting notifications every day for a whole year now that some nigerian hackers are fruitlessly trying to get into my Steam and Epic account and despite having my password they've not been able to get in. It gives me a hearty chuckle each time the notification pops up and I refuse to change my password because visualizing the dumb cunts with absolutely nothing going on for them stuck in some commie country desperately trying to keep trying to get into my account so they can sell it for that 2$? instead of getting a real job is just too entertaining to me.

arstechnica.com/gaming/2019/08/severe-local-0-day-escalation-exploit-found-in-steam-client-services/
READ THE FUCKING ARTICLE

YOU

TARDS

The moment I saw this on bleeping computer, I just knew the EGS shills were gonna be all over it. I think this just confirms that blindly worshipping a corporation is a bad idea, regardless of who it is.

May heaven have mercy on all of us for being a bunch of manchildren obsessed over corporate console wars.

this is what a winner looks like. based as fuck.

>A solution for your problem could be a background service running in the windows system context. This service is able to write access the registry HKLM hive due to system privileges. This service communicates with your application using an interprocess communication.
Heh

Functionally, you need access to run something on the system, that is all. Can be a restricted user with no admin privileges and this can allow elevation to full admin privileges.

You're a fucking idiot. There is HKLM (Hive Key Local Machine) and HKCU (Hive Key Current User). Both serve similar purposes, but one (LM) is for all users on the computer and therefore requires admin. CU is designed for user level programs to have a place to store their registry entries without impacting all other users on the computer, and doesn't require admin rights

>requires a third party program
L O L
O
L

If you need a repair why would you send it to some high street mug to fix it? They literally Google the solution themselves.
I've had official company repairs done on my stuff and they swear up and down they need the password to fix it, yet they fix it fine without.
Even if there was no exploit, they could cut out the middle-man and install their own malware, so well done.

ARE YOU FUCKING RETARDED YOU SUBHUMAN, THATS THE POINT OF THE EXPLOIT YOU DONT NEED ADMIN RIGHTS YOU GET THEM

>Every week some pajeet is login into my uplay account
>Every week someone is attempting to get into my epic account
>Every week no one is trying to get into my steam account
Do pajeets and ruskies just not like steam?

Just uninstalled Steam, thank you OP. There's nothing worth playing on it anyways.

Some faggots are so worried about keeping their info secure but the truth is that they really don't have anything to hide

I'm actually surprised it didn't blow up at all. You'd think all the mainstream gaming press would hop on this shit but it's already two days old and no articles at all.

It's almost as if Valve pays these journos to hide it. Hmmmmmm.

woshub.com/set-permissions-on-windows-service/
>By default, common (non-admin) users cannot manage Windows services.

>need admin rights to get admin rights
>regardless still need physical access to computer
wow

Please, more

wow, it's literally nothing

winnie pooh

the absolute madman

>open thread
>get kaspersky warning about malicious code
b-bros?

If Valve is paying the journos, why do they all support EGS?

>when the only winning move is not to play

I did. The most interesting part was how the guy that found the exploit made it public despite warnings not to, because the usual expected response time in the business is 90 days.

He is totally being paid by Epic to cause a ruckus.

it's that hacker Yea Forums again, be careful user

hide what? this will not affect anybody who doesn't log into their personal accounts on fucking public computers and if you do that you deserve to be hacked

schizo thread

PULLING OFF THE EXPLOIT WITH STEAM REQUIRES YOU WRITE TO HKLM. WINDOWS DOESN'T ALLOW WRITING TO HKLM WITHOUT ADMIN RIGHTS. YOU NEED ADMIN IN THE FIRST PLACE AND IF YOU HAVE THAT THERE ARE BETTER WAYS OF GETTING NTAUTHORITY\SYSTEM SO IT'S POINTLESS

steam drones now its time to kys even reddit nigger are smarter than your drone brain

>There is a forked version of the currently available PoC that doesn't break the steam service.
>You don't need admin permissions to execute it.
>Just run it with powershell with a non privileged user and a file called success.txt should be created in C:\ which should only be supposed to be possible for admin accounts.
>gist.github.com/roflsandwich/6fb5df2abda912b9d33aad291c9f87de

>"I did this test on a clean Windows VM; aside from Steam itself, the only code I needed to download was regln-x64.exe, a simple utility for the linking of registry keys, which requires no installation."
>"the only code I needed to download was regln-x64.exe"
>need a third party program to do it
genuinely nothing
1989 Tiananmen Square protests

its time to kys

>creates symbolic links
requires admin

non /g/ user here. Explain please. I only play steam at home.

>you dont own your games on steam
>you dont own your life in China
Steam is still better than Epic

>The vulnerability demonstrated here is only 45 days old. Normally, publicly disclosing an exploit this quickly would be a big no-no in the Infosec community—the typical grace period for response is 90 days.
Really made me think.

>implying i don't use a phone guard

He is not even wrong though, even if he is a bit obnoxious.

The point is that valve changed the permissions on the registry keys under HKLM\Software\Wow6432Node\Valve\Steam so that all users have full control over them. Try it with a guest account or something if you don't believe me.
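
The recurring argument in this thread, whether writing under HKLM needs admin, comes down to the ACL on the specific key, and that can be checked directly. The read-only PowerShell audit below is an added example, not part of the thread or of any linked PoC; the function name `Get-WeakRegistryAce` and the choice of low-privilege SIDs are assumptions made here, while the two key paths are the ones quoted in the thread.

```powershell
# Added example (not from the thread or any linked PoC): list ACEs that let
# non-admin principals modify a registry key. Read-only; it changes nothing.

# Well-known SIDs for groups that every ordinary local user is a member of.
$LowPrivSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that allow changing a key's values, subkeys, links or its own ACL.
$WriteMask = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, CreateLink, Delete, ChangePermissions, TakeOwnership'
# Generic rights can appear unmapped in some ACEs, so include them too.
$WriteMask = $WriteMask -bor 0x10000000 -bor 0x40000000   # GENERIC_ALL, GENERIC_WRITE

function Get-WeakRegistryAce {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string[]]$Path)

    foreach ($key in $Path) {
        try {
            $acl = Get-Acl -LiteralPath $key -ErrorAction Stop
        } catch {
            Write-Warning "Cannot read ACL of ${key}: $($_.Exception.Message)"
            continue
        }
        # Explicit and inherited rules, with identities returned as SIDs so the
        # comparison does not depend on the display language of the OS.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($ace in $rules) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            $sid = $ace.IdentityReference.Value
            if (-not $LowPrivSids.ContainsKey($sid)) { continue }
            if ((([int]$ace.RegistryRights) -band $WriteMask) -eq 0) { continue }
            [pscustomobject]@{
                Key       = $key
                Principal = $LowPrivSids[$sid]
                Rights    = $ace.RegistryRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Keys named in the thread: Steam's own key (plus its subkeys) and the
# service key quoted in the opening post.
$steamKey = 'HKLM:\SOFTWARE\WOW6432Node\Valve\Steam'
$targets  = @($steamKey, 'HKLM:\SYSTEM\ControlSet001\Services\msiserver')
if (Test-Path -LiteralPath $steamKey) {
    $targets += @(Get-ChildItem -LiteralPath $steamKey -Recurse -ErrorAction SilentlyContinue |
                  ForEach-Object { $_.PSPath })
}

$findings = @(Get-WeakRegistryAce -Path $targets)
if ($findings.Count -eq 0) {
    'No low-privilege write access found on the audited keys.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Any row reported for a key under `HKLM` means a standard user can modify that key without elevation; an empty result for the Steam key means the permissive ACL described in the post above is not present on that machine.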

fake and gay unless you have meddling family members around

Essentially, if you have common sense 2019 installed, it's a big ball of nothing. Any exploits from this need your computer to be compromised in the first place.

If you download freegames.exe, you get hacked.

and it also requires creating symbolic links, something that you need admin for

All this thread proves is that steamdrones are delusional tech-illiterate retards.

You deserve to get fucked by Valve you cockmongling idiots.

>The attack does not require any file to be dropped anywhere or any special privileges. Although we downloaded regln-x64 to make the proof of concept prettier, I could have accomplished its task—symlinking registry keys—directly inside regedit.exe.
Can you read?

Oh bother. That's no way to talk to your fellow anons.

>EGS retard shill absolutely buttblasted about being BTFO
Its fucking nothing, faggot. Try fixing your own store first

The only faggots that need to be worried about this are dumbos that download shit from shady torrents

>epicshills blowing up over literally nothing
>steamdrones are delusional somehow because they aren't afraid of a local exploit

...

post this on /g/, if you are so great

>chinks btfo at every turn because they don't understand how modern windows works since their country is still stuck on XP
>claim victory anyways

EGS literally scraped data about Steam from your PC without consent.
When people found out they updated the Fortnite TOS the very next day.
It will never not be spyware.

>Does not need any privileges
Except admin authority to link those registries, something you keep ignoring

More like
>chinks BTFO because they don't understand NOT having to share a computer

You've dug your grave you hypocritical muppets.

I'll be laughing at you cunts a few months from now.

>need physical access to use the exploit
>can gain admin privileges with physical access anyway
Bravo.

>epic shills trying this hard
LMAO

>can gain admin privileges with physical access anyway

explain how?

Still doesn't require a 3rd party program. I'm not going to argue whether this is 100% legit and whether it requires admin since I'm not pretending to be an expert here.

if someone has PHYSICAL ACCESS to your computer then why does this exploit being a thing even matter? it's a flaw, but at that point you're already fucked.

Shift + right click, run as admin

>bootable kali linux
>run chntpw
>pwned

If you use Steam and let amateur hacker Dimitry Vasilev sit at your desk, you are going to have a bad time.

While you're correct that nobody cares about you, they do care about a hundred thousand yous which is potentially a fucking lot of money and they absolutely are going to waste their time to try and tap into that "market". Being (largely) safe from high effort handcrafted attacks will not somehow turn you magically immune against generic automated dragnet attacks.

Based

So someone took some money to break norms and publish this in this fashion?
Seems suspect.

>I'll be totally laughing as egs kills your shitty videogame store steamdrones!
See
Whatever you say, chang. Shopping cart. Try not to choke on your own tears

look up evil maid attacks and cold boot attacks for examples of attacks that revolve around physical access

are you retarded or just pretending?


>turn on secure boot and password protect your BIOS
>tell them if they reset the BIOS you will sue them

this thread makes me think of that stock image of a guy wearing a typical robbers mask using a laptop.

Your move gabe

So why don't you record yourself doing this exploit on your computer on a non-administration account and post the video here to prove it? because we all know you're just trying to instigate a flame war and you actually don't know shit about how Windows works

Is that when they are releasing you from the chinese prison for failing to make this bullshit stick?

Why not post this on /g/? Seems like it would be more relevant there since to 90% of Yea Forums this shit might as well be magic.

how do you expect them to repair your pc if they can't have admin access? Any repair place worth its salt checks the machine fully works after they are done

>nothing exploit that needs your computer to already be compromised by third party tools
>Made to sound scary anyway
>MYSTERIOUSLY made public incredibly early

Hmmm yes. Nothing suspicious about this one. No sir. Nope. Nuh uh. Please ignore the sack of dollars with the Fortnite logo.

Based and hacker pilled

>Gabe: does nothing
>Steam still bulldozes Epic

yes they can check it on a guest account you dumb nigger, why would you give them full admin rights?

Why is someone else fixing your machine?

The average laptop user doesn't even understand what UAC is, much less how to boot into BIOS.
If they did they wouldn't give their laptop to some repair scam.

>turn on secure boot
>password protect the BIOS
>desolder the bios jumpers

heh nothing personal script kiddo

>still needs to send computer to someone else to be repaired
I don't get it

>>Steam still bulldozes Epic

Aw, it's cute that you still believe that; like a retard who can't tie his own shoes

yeah but I fucking hate steam anyway so I don't even give a fuck anymore.

do you have precise soldering equipment worth 1000$ just sitting in your house?

Microsoft Store chads, it’s our time to shine.

Show steams market share and then show Epics.

Epic is gonna dab on those steamniggers

>Epic didn't even fix directory traversal through .. in URI's
yikes..

Once this news go viral Steam is dead you drones. Fucking dead, you hear me?

Count your fucking days.

you can make your own back ups of games you download on steam

Ironically enough yes. We were throwing some shit out at work and I called dibs on it. But the point is, if you know how to do any of that, why would you still take your computer somewhere else to get repaired?

>repair place can't get admin/bootable to run diagnostics
>can't repair your machine

>not swapping the HDD and wiping the RAM before you give PA to your laptop
This is why the average human should not have access to technology.

What motivates someone to shill for EGS

I'll do you one better

pcgamer.com/epic-boss-tim-sweeney-is-worth-nearly-dollar3-billion-more-than-gabe-newell-according-to-bloomberg/

>Epic boss Tim Sweeney is worth nearly $3 billion more than Gabe Newell, according to Bloomberg

OH NO NO NO NO NO

OHHANANANANANANAN THIS DELUSION OHIONONONONON PLEASE GOD NO HAHAHAHAHAHAHAHAH
>you need admin
OHONONONONONONONONON ON OHAHAHAHAHAHAHAHHAHAHAHAHHAHAHAHAHHAHAHAHAHAHHAHAHAH

Imagine being a fucking drone

>wiping the RAM

pls tell me you're just pretending

2FA has existed on Steam for ages

>The yellow five year old with a plastic knife thinks he's some great hero about to save the masses from evil monopoly
Kek never fails to get a laugh out of me
Why dont you make it go viral then, epicuck? If steam dies faster you can only gain. So why dont you do something?

so you sidestepped the question on purpose then?
So you admit that Epic's market share is pitiful and they won't be around in 5 years?

Gotcha. I accept your graceful concession. You were far more honorable than I would have given you credit for.

NOOOOOOOOOOOOOOO GABE IT WASN'T SUPPOSED TO BE LIKE THIS

Attached: pp,550x550 (1).jpg (443x550, 38K)

That's a silly question, saving gaming industry from gaben and his drones obviously

>getting fucked in the ass by based jewben
>the drone engine still runs decently

Attached: image.jpg (240x240, 14K)

RAM retains information even after the computer is restarted.

These threads are great (you) farms

>accessing Steam through a website that isn't Steam's own website
>accessing Steam through a website at all
If you're on a goddamn computer, or even on a phone, there is zero excuse for this kind of stupidity.

based epic touts NO exploits FREE games EXCLUSIVE games and Fortinite baby. Steam is done for.

Terminal case of broke brainedness and contrarianism.

(You) addicts. They get addicted to it worse than heroin

That's not the point, you dumb fuck

that's only problem if you installed EGS

sure it does drone sure its does

>steam has an exploit that can potentially affect MILLIONS which valve LITERALLY hand waved for no reason
>uhhhh haha it doesn't work "that" way see? it's still fine

drones...

Some kind of shitposter mental illness.
MHW blunder fag is evidently spamming epic threads as well.

boards.fireden.net/v/thread/469888450/#469893201
boards.fireden.net/v/search/image/WSy_ouMSe8D9vnJxSM7clA/

steam drones are mentally ill,as a human being I hate mentally ill trannies, epic will save pc gaming time is ticking

Attached: TICK TOCK.jpg (965x964, 164K)

That's the one!

IF I JUST DROP ANOTHER $200 ON LOOTBOXES GABEN WILL FIX THIS
MATCH ME STEAM CHADS

Attached: wojak-steam.png (300x335, 29K)

Building a house around your PC to prevent people from having physical access has also existed for ages.

They are pretty desperate at this point. I wonder how bad the quarterly reports were? Because now they are grabbing the attention of IT workers to laugh at them.

dude

There is a simple solution to this problem, don't use steam. There is plenty of games on GoG,Origin,Uplay,Epic.
Stay safe, don't use steam

yea no shit, he gets more cash as developer and game making studio is still fucked in the ass like always

Why would you not post this on /g/?

>or you study computer science and your university has tons of computer with spyware like steam installed

lmao thanks based gaben

Attached: gabe-newell-valve.jpg (2405x1603, 1.61M)

So Steam fucked up. They'll have it fixed next patch.
>steal your passwords
No you idiot, it doesn't specifically let you steal passwords, it lets you freely distribute privileges, essentially allowing you to run whatever you want in admin mode.
>Gabe: does nothing
>Security problem doesn't just magically go away

So basically you need to run something for it to do any harm?
You do know that malwares have existed since the dawn of computers, right?
If there's a malicious dev who wants to upload an infected patch to his game, like you said, he can just bind a fucking malware to his executable and everyone will run it as admin because that's what people do when games ask them for permissions, or he can just use one of the thousand Windows UAC exploits.

I could hear your almonds sizzle typing that out you were so angry

security.stackexchange.com/questions/10194/why-do-you-have-to-be-an-admin-to-create-a-symlink-in-windows

Tim Chadney is gonna dab on that good for nothing fatso

public inventory?

>windows
there is your problem

Attached: 1565249002578.jpg (850x400, 49K)

why are you still trying to cope with google knowledge based drone

okay, gimmie about 30 minutes, i'm grabbing a windows 10 virtual machine
please note that this is still under the same circumstances as physical access, but i'll be attempting to get admin from a standard user account using the instructions people have given with the exploit

if it works, i'd assume it would also work through remote access too. this would only be a danger if people used regular user accounts, though many nowadays i feel use admin accounts on their pcs for ease of use

Attached: 834.jpg (962x1024, 81K)

What the fuck, steam is reading windows certificates? I thought only epic was doing that to spy on us. Why would someone create a false narrative?

Attached: 1621809.png (599x799, 708K)

where are my treebros

Attached: oak-tree-sunset-iStock-477164218-1080x608 (1).jpg (1080x608, 115K)

>hurrr you can't symlink without admin
That's the point retard. Steam's registry key lets you do this without admin.
imgur.com/a/bBTqQf4
gist.github.com/enigma0x3/03f065be011c5980b96855e2741bf302
Now whether this exploit is something that can be used without physical access is another matter entirely.

Drop a few words and bath in (you). You don't even need to take a side too.

why are steam drones spreading literally lies without having any knowledge

i'd like to assume that would be the case if it works, but i'm not competent enough to test that out

>runs simple custom trojan on your computer
heh, nothin personel, elaborate exploit

Attached: file.png (1000x600, 1.5M)

Jeezus christ that dance animation is horrible.

TICK TOCK STEAMNIGGERS TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK COCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK

TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK TICK TOCK

Might as well infect those with any payload you want if they have a USB slot on them anywhere.

Some, in the beginning, were undoubtedly paid to do so. Reputation management is a huge business. By now though it's mostly A) contrarians B) [you] addicts C) people who don't understand what's going on and genuinely believe epic is doing something good for computer gaming

that is intentional to trigger drones

So the only real threat from this requires physical access to the machine? Big nothing burger, any retard could hack anything if they could log into the machine.

based schizoposter
anyways i'll report back my findings in about 20 minutes

Attached: 1564622286119.gif (750x545, 126K)

IT CAN'T BE
SOMEONE HAS A DIFFERENT OPINION THAN ME?
I'M LITERALLY SHAKING RIGHT NOW
MUST BE A PAID SHILL
MUST BE A CONTRARIAN

Attached: fr29lxwem8f31.jpg (454x572, 37K)

Why does Epicdrones types like a console retard?

Or you know?

Reasonable people who have gotten sick of Steam's systematic abuse of both developers and gamers because of their natural monopoly. So now we're supporting an actual good storefront that can only bring good to the industry run by a vastly more talented dev team with the most popular game in the world AND the most popular game engine. This is competition of the highest caliber and we're just part of the winning team.

>ITT
>egs shills
>tech illiterate niggers who just google things and don't understand the content
>store war shitposters
I hate all of you

Attached: despair roulette.gif (400x279, 1.78M)

games still work on my machine
based gaben

Attached: 1537753131311.jpg (500x500, 37K)

>developer abuse
Stopped reading there to www my bear ass off

This. I use the Epic Games Store exclusively these days. Why? Because not only is it safe gaming you get access to the best games available. Not only that but exclusive access to games made specifically for you. On Epic I know my data is safe, and my gaming needs are met. I have been playing For Honor as of late, Sweeney himself has bought and paid for this one and I enjoy a $40 value game, absolutely free. Great to be apart of the EGS family. (EGS stands for Epic Game Store).

Same fucking fags.
see

>steam drones getting literally btfo by trying to defend their pathetic steam store with google knowledge

mentally illness

.002rmb has been deposited in your account

>mentally illness
learn to speak proper English

...

exposing steam drones is more fun

Attached: edge gabe.png (1000x983, 246K)

How do pc nerds figure out this shit and why can't they just get normal jobs instead of stealing other people's shit?

The amount of cope in this thread is incredible. This is just a taste of steamfag tears before their store completely shuts down next year.

This entire thread is steamcel cope. Nobody cares if you can boot in linux and run some command nerd! Tonight were gaming on EPIC!

probably
i'd like to assume this would also be doable if you got your way into a normal users account remotely
but in this age
>most people use admin on their personal machines, particularly wrt steam where many games require admin privs on install
>if you have an RCE exploit to do this, why aren't you getting onto the admin account to begin with?

i can't think of any sort of major situation where this could be a massive risk
i'd also like to point out the author posting this exploit in 45 days of discovery, when grace period is 90 days, which really isn't how you handle disclosure at all
the VM is downloaded, i'll be back in a bit

Attached: 1564491538890.png (432x432, 144K)

Epicfag making shit up. Fuck off

Because its a rather well paying job to figure this shit out to stop people from stealing shit?

>Epicfag making shit up. Fuck off
>ITS A HOAX
>trust me
can you fucking read the thread atleast

Tired malicious shitposting isn't an opinion, wojak retard.

>symlink creation
that requires admin rights or an alteration to default sec policies to allow users to do it, which also requires admin rights

Yes but not them. I mean the pajeets who use this knowledge for bad reasons like stealing your shit. Why don't they just use the knowledge to get a normal well paid job instead?

this shit pays well, really well
treat your whitehat bros right, they found it and had the good grace to tell you that there's a hole in your shit rather than steal everything

No you misunderstand. see

>exploit
>that need access to the registry edit
>with administrator privileges

If a hacker already have access to your pc then you're fucked up already.
They don't need to touch steam as they have countless way to ruin your life other than this.

Its real, but its a low level security issue that is inherent with this type of software.
Also, I am 100% sure if somebody look up through Epic launcher they could find similar vulnerabilities.

Well, that's just because they're evil.
And being evil pays far better than a normal job in their non-loo-pooing country for far less work, even accounting for the effort of learning the things.

FUCKING NIGGERS

so wait, this exploit exists if person has
>1) Access to my computer
>2) Has admin rights to enter regedit
Bitch, if someone accesses my computer steam launches automatically.

What the fu- HELP HELP! A YOUNG LOOKING ARMENIAN WANTS TO SITS AT MY OCOMPUTER EXPLOTS TSTEAM FOR ADNING ACCEESS HELP EEEELP

Please understand the exploit before trying to dismiss it. Steam's registry key lets you create symlinks without admin privileges.

Attached: regedit_2019-08-07_18-37-57[1].png (1711x1168, 94K)

oh yeah true, some people like to wreck shit i guess
though people sell 0days for serious cash
ransomware if done well can also make serious cash, but if you get big you do end up with feds on your ass so there's that

I await the scoop with baited breath.

Attached: 1561302682552.png (4000x3530, 72K)

Do you guys actually have anything important on your computers/laptops? I just have games on mine so it makes no odds to me if it gets hacked. I'll just format the drive. It is a hassle though as I'm very lazy.

why are you drones so fucking embarrassing

pajeet economies are so shit that it is better to just steal, there is actually less risk in stealing than working in a sweat shop

This is not something Steam can choose, this is WINDOWS that doesn't let you do that not fucking Steam.

>Its real, but its a low level security issue that is inherent with this type of software.
Also, I am 100% sure if somebody look up through Epic launcher they could find similar vulnerabilities.

Not really, steam is a fucking Swiss cheese. Its core is outdated as fuck and valve should have done something about it years ago

>thinking you have to format your drive over this for some reason
Bruh

aight aight here we go..
epic game store
red stained floors
steamcels can't put up a fight
my nigga Xi up late at night setting the records right
no affiliation
mutually exclusive entities
that's satisfactory (haha)
borderlands 3
steamcels still seethe

>Requires access to my computer
I'll be sure to be worried as soon as a stranger gets access to my entire computer

Just because you can throw together some shitty ransomware doesn't mean you can produce quality code.

>find "exploit"
>but it's shitty so dev doesn't want to pay you for it
>get assmad and leak the exploit, forever ruining your own reputation in the business

What a smart guy.

Attached: okaasan.jpg (2000x1837, 848K)

>have mobile authenticator
>person with my password still needs my phone to get my steam account
lmfao

How come epic store won't let you see the download size of a game when installing it?

Attached: 18557767.jpg (600x429, 112K)

are you fucking retarded ? sure windows is not the best os, but the rest runs through steam

If Steam is outdated then I fear for everyone using EGS since those devs have demonstrated that they don't even have 1/10 of the competence.

Just a coincidence :^)

>if I run malicious software on my computer bad things happen
Amazing, I would never have thought of it!

Protip faggot. When you puke out talking points dont copy paste them all together.

I'm not good with computers. I just play games.

Please explain how the multiple proof of concepts that have been posted and were done with a non elevated accounts worked then.
See
For said PoC

regedit is 100% Windows feature, you did not protect your windows with adequate protection that is why you can create a link that is why you can edit regedit, fucking moron.

Because Epic devs were too lazy to manually hardcode game filesize into the launcher every update for every game.

someone linked the CVE details for both epic and steam, which was amusing, here it is again to save you the search
cvedetails.com/vulnerability-list/vendor_id-1613/Epic-Games.html
cvedetails.com/vulnerability-list/vendor_id-15413/product_id-31719/Valve-Steam.html

this, its a fairly weak exploit in the grand scheme of things
the only user case i've seen as a potential issue is
>family pc, parents give kid normal user account but give him steam
>browser hit with 0day that allows access to account
>this can then be used as EoP
>bing bing wahoo your pc is hacked
but yes, leaking it early is REALLY DUMB and means nobody will touch him for future affairs

The point is that because steam has dogshit "curation" any fucking shmuck can get you fucked you idiots.

Are you telling me that using a platform where I don't actually own shit, I need an account, which knows my credit card, datamines me, makes me easy as fuck target to track down is not safe?

WHO WOULD HAVE THOUGHT?

This was the best undisclosed steam exploit that fornite money could buy, huh?
Sloppy job, Timsad

Ok, this is epic

They opened CMD to create this, CMD is an admin-only tool in Windows, if you have access to CMD your Windows account has privileges it shouldn't have on a public computer.

Well...
forbes.com/sites/thomasbrewster/2019/01/08/7500-steam-weakness-let-hackers-take-remote-control-of-gamers-pcs/#49e5804240e9

It's fixed now, but it's not the first nor the last time people were able to take control of someone pc thanks to steam vulnerability

Stop using EGS then.

>Look Chong I posted it again
>Verry grud, sorcal credit score has grone up

>Yea Forums here
lmao sure way to get told to fuck off or ignored

>no WINDOWS

so why is not uplay, gog or epic affected ? oh wait you are a drone, that changes the goal post, daily reminder kill yourself

Is there any nudity this season?

affected by what? By steam restrictions? They are.

>Everyone who pokes a hole in my argument is a steam drone
Are you from the pol shilling brigade?

fuck epic games

Attached: the_trators_pay_is_death.jpg (295x409, 27K)

>he attacks my precious platform, he must be an epic store chink shill!

Attached: brainlet.jpg (644x500, 39K)

>w-why won't Steam stop me from downloading shitty, shady games?!?!?

Yeah ok pal

>I have no counter argument beyond repeated personal attacks and well poisoning methods
>Let me post this trendy wojack to ensure they think I'm a real user

Attached: 1563313800914.png (1280x720, 419K)

ok.

Boy, the EGS shills are really grasping at straws now.

what's the song/band? I wanna listen anons

Attached: 1535363840165.png (240x240, 49K)

okay, its taking longer than i expected to get this VM set up
i don't see this as a particularly major issue though, as indicated in this post most people use admin accounts, and there's a way to prevent this yourself apparently:
>"Not a Steam option, but rather the windows service named "Steam Client Service". I don't know if it's the same for windows 10, but at least on 8.1 you can go to the Services tab of Task Manager, then click Open Services at the bottom. From there, locate the Steam Client Service, stop it if it's running, and set its startup type to "disabled" on its properties popup."
this has the drawback of UAC kicking in every time you start a game up for the first time

you're implying steam is the only one with exploits
i hope you don't have flash player, adobe reader or any major web browser, any major service with a wide install base has loads of people digging into it to find ways to bust into people's shit

Attached: b0y1ASX7.jpg (500x342, 62K)

>CMD is admin only tool in windows
Brainlet bro...

I wont tell you, you guys don't deserve to know.

they must be running low on social credit after various misdeeds

Attached: 3.jpg (1753x2480, 921K)

Windows is actually the only modern OS without a command prompt, the one in Windows is emulated, which is why you have to run it as an admin when you actually want to do anything with it.

This shows how little you care about your privacy, CMD can be exploited. If your public computer can run CMD can run BAT or MSI or EXE that admin didn't explicitly allow to run, you shouldn't log into anything. You are sitting on a computer with potentially running keylogger on it.

aww common user. I'm not having any luck with reverse image search or yandex and I'm curious. It sure would be cool of you if you could help me out

Attached: 1548924172568.jpg (821x902, 623K)

Stop using admin accounts for daily use, you god damned apes. The command prompt can't bypass anything that would require admin privileges unless it's run on an admin account.

group inou

>you're implying steam is the only one with exploits
>i hope you don't have flash player, adobe reader or any major web browser, any major service with a wide install base has loads of people digging into it to find ways to bust into people's shit

I did, because people like to act like steam is somehow secure which is bullshit.

CMD has loads of exploits, there are probably more exploits in CMD than in Intels CPU

>burglar got into my home
>Logged in my computer with the guest account that i have in my personal desktop
>Used steam to run admin privileges
>Stole all my dolphin porn

FUCK YOU GABEN
I HAD SOME OBSCURE VINTAGE DOLPHIN RAPE CAVES THERE

>implying anyone said anything about a public computer
Nigger you were saying it was impossible to symlink without admin access. Then you claimed you couldn't open cmd without admin access. Then you jump to a public computer scenario to try and backpedal because that was a straight fucking lie.
The whole point of this exploit is that it can do this shit without admin privileges.

no, people ITT called me an Epic game store shill, while I never even installed that shit, this hurt my feelings.
youtube.com/watch?v=w_os8HqfxHc

Steam is as secure as most secure application on Windows. It's not more or less secure than Maya

I don't care if it runs on my personal computer, that isn't an exploit. If you have access to my personal computer than you have already broken into my home, cracked my windows, cracked my encryption. This is all implausible at best.

thanks fellas. I love you both and hope you have a nice day

Attached: 1555916953603.jpg (720x720, 115K)

45 days? Industry standard is 3-6 months notice

So can workshop mods exploit this?

assuming anything is secure is always unwise
didn't steam have an issue with someone putting malware in their shovelware game a while back?

it looks like by the time this VM installs, the thread will most likely die from hitting the bump limit. but i'm inclined to say this is a legit exploit with so many demonstrations of it.
now, is it big? no, not really, there's only some small cases where i'd argue this would be useful when done remotely, if this was RCE it'd be far more major. but as it stands its a fuckup with privs that'd presumably be easy to fix. in fact, you can fix it yourself right now by disabling the steam client service
is the guy dumb for breaking grace period? yes, he's probably now never gonna get much work in this field for sperging out like this

What's the worst case scenario lad? And how likely is it?

reminds me of Ryzenfall, but this firm didn't give AMD even a day just created a website.

>implying the only way to use this exploit is by sitting at your computer and be using cmd
What is this dream scenario you have thought up? Regardless this still doesn't disprove the very original point . No matter how many times you move the goalpost. It also doesn't make it not an exploit.

It's almost like he knows it's hardly anything but wants to stick it to valve because reasons.
Maybe he thought he struck it rich on the bounty program.

Every exploit needs a good and understandable way to exploit it, I have an exploit in my house, where I can open the bathroom from outside. Is this cause for worry? No.
If you find exploit but can't find reasonable enough case for it, what are you exploiting?

Well it is an exploit for Steam so he probably got excited as fuck for it.

>the only game in my steam library is DOTA2, which I've spent 0$ on
feel free to steal my shit, bros.

You mean trigger people that gave them money.

Good to see you have conceded the point and admitted that at this point it is a matter of practicality. Not whether or not said exploit exists.

I can't believe it took 350 fucking posts for shitposting to settle down and reasonable posts start popping up.

I never said otherwise, this is why i made whole "admin protected", you fucking moron.

From my brainlet understanding, only malicious games or updates can really exploit this.

What's the quick rundown? Also, anyone here want to ERP :3 ?

You are a fucktard if you use digital distribution, what is there is to discuss? Platform doesn't matter.

>that gave them money
10% at best the rest steam drones (with 0 interest to play the game)

>I never said otherwise

>Tencent devotes oodles of moeny towards industrial espionage.
>Insectoids callously put that info out for business advantage
>Blame valve for not being able to hand wave something put on the internet out of existence.

Sounds about typical.

Also funded by Intel

Don't install or play games that ask for admin, simple as that.

>still finds a way to blame Epic for steaming pile of shit

top lmao

The same way Chris Roberts wasted money away on unneeded bullshit to piss off SA Goons, yes.

The one that chewed the remote?

Only one of them is me and I said that you can't create this exploit without admin access, with is 100% true, if you are running your windows in admin account, stop because you clearly don't understand what is permitted with non admin account.

rent free and btw tencent is owned by south africans, perfect world on the other side is literally chink the company

worst case comes from this happening to a standard user rather than admin.
in this case, you'd need another exploit (usually in something like a web browser) that allows you to remotely access an account, you use this to EoP from a normal user to admin privs. admin privs means le hackerman has full control of your machine

if you used the exploit that gives you remote access and you hit an admin account, this is useless since you've already got admin privs

this can be prevented by disabling the steam client service as mentioned in this post with very little drawback

to put it simple:
>you can prevent this exploit yourself by disabling a service
>EoPs are useful only if you didnt immediately hit an admin account with the exploit you used to access the machine
>most people use an admin account as their main account on their PCs because security is hard
>the most likely case is little timmy gets his chrome hit with a zero day, and the hacker uses this to escalate onto admin privs and ruins the family computer

this can also be done with physical access, but if someone has physical access to your machine you're already fucked (see: evil maid and cold boot attacks)

the other avenue is malicious games, but in that case, don't fucking install shovelware. you also give admin privs to launch games first time anyways, the steam client service works to stop that from happening in every first launch you do.

Attached: F80WN4PD.png (309x330, 58K)
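The mitigation described in the post above (disable "Steam Client Service") and a check on the service key named in the quoted write-up, as an added example that is not from the thread or from Valve. The function names are hypothetical, and the expected `ImagePath` is an assumed stock value for Windows Installer; compare against your own baseline.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell 5.1+ prompt.

function Get-ServiceKeyAudit {
    param(
        [Parameter(Mandatory)][string]$KeyPath,
        # Optional: value ImagePath should have (assumption, supply your baseline).
        [string]$ExpectedImagePath
    )
    # Principals that are expected to hold write access to service keys.
    $trusted = @(
        'S-1-5-18',       # NT AUTHORITY\SYSTEM
        'S-1-5-32-544',   # BUILTIN\Administrators
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464' # TrustedInstaller
    )
    # Rights that let a principal change values, plant links or re-ACL the key.
    $rights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, CreateLink, Delete, ChangePermissions, TakeOwnership'
    # Inherited ACEs can carry generic bits instead: GENERIC_WRITE, GENERIC_ALL.
    $writeMask = [int]$rights -bor 0x40000000 -bor 0x10000000
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

    $acl   = Get-Acl -Path $KeyPath
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    $risky = foreach ($r in $rules) {
        if ($r.AccessControlType -ne 'Allow') { continue }
        if ($trusted -contains $r.IdentityReference.Value) { continue }
        # Inherit-only ACEs apply to child keys, not to this key itself.
        if ($r.PropagationFlags -band $inheritOnly) { continue }
        if (([int]$r.RegistryRights -band $writeMask) -eq 0) { continue }
        $name = try {
            $r.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value
        } catch { '(unresolved)' }
        [pscustomobject]@{
            Sid    = $r.IdentityReference.Value
            Name   = $name
            Rights = $r.RegistryRights
        }
    }

    # Read ImagePath without expanding %systemroot% so it compares to the raw value.
    $noExpand  = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    $imagePath = (Get-Item -Path $KeyPath).GetValue('ImagePath', $null, $noExpand)

    [pscustomobject]@{
        Key              = $KeyPath
        Owner            = $acl.Owner
        ImagePath        = $imagePath
        ImagePathMatches = if ($ExpectedImagePath) { $imagePath -ieq $ExpectedImagePath } else { $null }
        NonAdminWriters  = @($risky)   # anything listed here deserves a closer look
    }
}

function Disable-SteamClientService {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    # Display name as given in the thread.
    $found = Get-Service -DisplayName 'Steam Client Service' -ErrorAction SilentlyContinue
    if (-not $found) { Write-Warning 'Steam Client Service not found.'; return }
    foreach ($s in $found) {
        if ($PSCmdlet.ShouldProcess($s.Name, 'Stop and set startup type to Disabled')) {
            if ($s.Status -ne 'Stopped') { Stop-Service -InputObject $s -Force }
            Set-Service -Name $s.Name -StartupType Disabled
        }
        Get-Service -Name $s.Name | Select-Object Name, DisplayName, Status, StartType
    }
}

# Audit the key from the write-up, then preview the mitigation without applying it.
Get-ServiceKeyAudit -KeyPath 'HKLM:\SYSTEM\ControlSet001\Services\msiserver' `
    -ExpectedImagePath '%systemroot%\system32\msiexec.exe /V' | Format-List
Disable-SteamClientService -WhatIf
```

Drop `-WhatIf` to apply the change; set the startup type back to Manual to undo it.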

>make a thread with this picture about mechanics not explained in games
>get TWO perma global bans
Epic

Yea what kind of entitled go- i mean guy thinks he deserves to own anything

So if I use Steam Guard (thus making my Steam password useless without access to my phone), does this affect me at all?

So my gut instinct was right and it's a whole lot of nothing as long as you're not an idiot?

Hold up, i need to fix potential vulnerability by myself? Why valve is so anti-consumer

Not unless you use same password for your email as you do for your steam account.

>Steam did something bad
yeah ok that sucks
>use Epic instead
lmao nope

Oh, so it's nothing.

>Someone found exploit for Steam that is hard to use to actually exploit.
>USE EPIC USE EPIC USE EPIC

>the certified repair man decided to steal your data and get sued into oblivion
Is this peak anti-steam drone education?

Good thing I use a special credit card for everything I do online and I never have more than 100 bucks in there

the liberals did this

If you get caught in this, they can do whatever they want to your PC. Your Steam account would be safe though.

This exploit can't give access to your credit card, all it can do is give access to your Steam password, and that is it.

Well more important question then, if the few things that can get people here are malicious games, how good is Steam at detecting literal malware in the hundreds of "games" that get into their store every day?

this isnt for stealing passwords, its for access to your pc
i personally argue its a low risk exploit regardless, but valve will most likely patch it since the person who found it sperged out and gave a low-grade exploit this much publicity

you don't have to fix it yourself, i'm just presenting a temp solution that patches it until valve fixes it. which they will, seeing as it garnered this much publicity for no good reason.
please don't stuff words in my mouth

its not hard to pull off, considering ledditors can do this with instructions
it's just it has such a small base where it could be worth using it, that i'd argue it's a small exploit.

Attached: xwvxle.png (444x325, 177K)

>an exploit that needs you to be a brain dead faggot that installs steam on public PCs or work PCs
>an exploit that needs you to give access to your computer to some stranger
>an exploit that needs you to have an IQ lower than that of an ANTS for it to work
and
>people are getting pissy about it in this thread
There is no hope for humanity. Holy shit.

Attached: 1453460359176.jpg (570x300, 30K)

Is there anything wrong with epic? They seems to have better security than steam at least

lmao

Epic store has had password leak before it sold any games on it, so yea... it kinda isn't any better.

u wot

>Only one of them is me and I said that you can't create this exploit without admin access, with is 100% true
It is 100% not true you fucking retard. Unless of course you are talking about the initial steam install requiring admin usage but that is literally irrelevant since we are talking about an exploit that uses a steam installation. In a scenario where the user is a standard user with no group policy changes since 95% of people don't bother with that it is 100% possible for this exploit to be done. Feel free to test it in a VM if you don't believe me.

>Is there anything wrong with epic?
Is there anything right with epic?

So it literally doesn't mean shit unless you use your on the shared family computer. Thanks, I guess. I guess that means I'm fine since I'm not an underage faggot who lives with their mom.

Attached: 1542710408281.png (1282x876, 1.07M)

Attached: itsepic.png (769x815, 260K)

No i'm not talking about that.
> In a scenario where the user is a standard user with no group policy changes since 95% of people don't bother with that it is 100% possible for this exploit to be done. Feel free to test it in a VM if you don't believe me.
Well, standard user has admin privileges not all but most of them. But question is, why use this case? What good does this case bring? Injecting persons computer with a scrip and retrieving his Steam password? What will that achieve? What is the maximum harm that is possible with this exploit under this case?

If someone can do any of this in the first place, you're already fucked regardless of Steam.

Attached: steam-zero-day-POC-marked-up.png (1024x768, 45K)

please be advised:
cvedetails.com/vulnerability-list/vendor_id-1613/Epic-Games.html
cvedetails.com/vulnerability-list/vendor_id-15413/product_id-31719/Valve-Steam.html
what's odd is the lack of info on EGS, maybe because its still new? though i did find this in a quick search
research.checkpoint.com/hacking-fortnite/

malware in steam games has happened in the past, from a quick google search:
digitaltrends.com/gaming/steam-game-allegedly-mining-cryptocurrency/
reddit.com/r/Steam/comments/3j89ci/do_not_downloadbeta_test_dynostopia_from_steam/
the main lesson is don't download shitty shovelware
i'd like to assume since these are the only two cases i can find, that valve runs quick tests on games now, but i don't work there so i can't verify

Attached: 1564622661458.gif (750x545, 333K)

>They seems to have better security than steam at least
Clearly you haven't used EGS then, you'd be assaulted with like one hacking attempt per day on that platform in worst case scenarios.

Linux wins again.

certified third world scum ''gamer''

This is clearly a conspiracy Valve themselves planted because they're pumping large amounts of money into Linux so the more they fuck with Windows the better.

So how much do you think Epic paid for this leak?

Seems like your data was leaked somewhere else and even though you are a fucking moron, epic still managed to protect your account. Why are you seething over this?

tree fiddy

lmao

This is from Epic's password leak.

This is why I filled my room with pet spiders.
Go on, use my PC, friend.

Heart by group_inou

>But question is, why use this case?
Because the only people that could potentially be affected by this are people with enough sense not to use an admin account for daily use or anyone on a family computer.
> What good does this case bring? Injecting person's computer with a script and retrieving his Steam password?
I'm not sure what you're attempting to say here due to your ESL garbage but assuming you mean what does the exploit allow you to do? All it does is let you elevate and run anything with admin privileges. So pretty much the usual drive encryption -> data ransoming, installing more malicious software. This wouldn't let you retrieve the steam password. Maybe you should actually read the PoCs and the initial writeup on the exploit.

zdnet.com/article/epic-games-unreal-engine-forums-hacked-in-latest-data-breach/
cnet.com/news/fortnite-had-a-security-vulnerability-that-let-hackers-take-over-accounts/

so if this is, all about gaining admin access in an admin access account, why use this exploit instead of billions others? WannaCry didn't even need admin access to begin with. It's far easier and faster to get access to run arbitrary code in Windows than hoping for everyone to use Steam.

cvedetails.com/vulnerability-list/vendor_id-612/Valve-Software.html
cvedetails.com/vulnerability-list/vendor_id-9423/Valvesoftware.html

Oh look, epic had only 2 vulnerabilities
cvedetails.com/vulnerability-list/vendor_id-9177/Epicgames.html

Weird, why do i feel like you are trying to manipulate people out there?

Yes, one is 4 years old forum breach. The other one requires you to fall for the "free v-buck" link, which is fixed.

Your point?

>all about gaining admin access in an admin access account
This is pointless when your definition of "admin access account" clearly differs from windows.

you would be surprised with how many people use an admin account on their home computer.
i personally don't think of this as too major, since you either need a dumb user to install something or a 0day on say a browser to get the initial access to pull this off.
this was still disclosed within grace period, which was a really shitty thing to do. i think it'll get fixed quickly since it's hilariously easy to do.

Awesome, I can surprise people with free games while playing their games.

if you go to User Accounts in CP, you will find that your standard account is marked as "administrator"

>Ignores the "Epic Games" one
(U) denial for cherry picking

>check this thread
>kaspersky goes off 4 times
>it's blocking access to a github gist
>google the gist ID
>IT'S THIS FUCKING EXPLOIT

WE ARE ALREADY FUCKED

>severe security breaches
>lol epic is secure guys

cool larp retard

lol I fucking wish

At least the thread ended chill and comfy with my brainlet self learning something new.
Thanks Yea Forums.

>This exploit is so known, that even anti viruses know of its existence
Wait, OP. Are you sure you are first to find this out?

Funny how I posted both Steam and Epic's pages, and also found a recent one involving their most popular game
Isn't it also amusing that the Valve exploits you linked are from HL1?

Why do I feel like you're trying to discredit someone explaining the exploit but also presenting both having issues with security?
Any and all popular software has exploits, it just used to be easier back in the day

>kaspersky
lol

Lol

eurogamer.net/articles/2011-11-10-valve-confirms-steam-security-breach
vice.com/en_us/article/9k8qv5/steam-exploit-left-users-vulnerable-for-10-years
forbes.com/sites/thomasbrewster/2019/01/08/7500-steam-weakness-let-hackers-take-remote-control-of-gamers-pcs/#7882cc38240e
unilad.co.uk/gaming/steam-hit-with-security-breach-that-exposed-thousands-of-user-accounts/

>have 2 step authenticator
>never worry about anything
woooooow

I personally enjoy being part of the russian botnet

they likely added it into their definitions today

Standard and administrator are 2 distinct types of accounts in windows. When I said standard I meant standard. Not the default account the machine made on first log in.

>is able to modify HKLM before any EoP
hmm......

nobody claimed that Steam isn't full of holes that people haven't found out yet. unfortunately this is how all of software is, this includes Steam, Epic, Paint, fucking everything is like this. EGS just has had way more incidents in last year than any other game store out there.

That doesn't negate Epic's security issues, you absolute mongoloid.

Steam isn't safe either, this thread is proof of that. Only cock sucking retards defend distribution platforms.

Probably can figure the PoC is trying to do naughty things (aka priv escalation)
In the real world an exploit would be more clever about hiding what it's trying to do

Fuck I hate steam, if it wasn't for the exclusives on it I would have dropped it years ago.

>Isn't it also amusing that the Valve exploits you linked are from HL1?

The ones you posted are all linked to unreal tournament or unreal engine so yeah. You are clearly biased, so maybe drop the mask already?

fuck computers, honestly

>2011 breach that only lost encrypted shit
>never found for years and years
>article about how it was patched before it did anything
>doesn't affect anyone since steamguard is on by default

Great examples.

>security issues
>security memes

In the past year epic had one incident

If it's that easy to fix then why hasn't Valve done anything about it yet?

I have a few accounts that I made when I was like 10 that I haven't touched in well over a decade. Should I be worried?

I then linked an issue with Fortnite in the same post
Please, drop the act, no program is secure, neither steam nor epic

Reminder that the bank owns your money, not you. If a security breach occurs you'll lose everything and the bank won't reimburse you because that's just a known risk lmao

Horseshit. People are constantly having their credit card stolen on epic, retard nigger.

Well, then you can't run CMD without popup menu asking for permission, unless otherwise edited. making your whole exploit mooter than it was before. Editing Windows folder is also not possible, making your exploit almost useless.

>severe security breaches
>lol steam is secure guys

cbsnews.com/news/fortnite-security-flaw-exposed-millions-of-users-to-being-hacked/

>This vulnerability allowed cyber criminals to take over Fortnite accounts, make purchases with the game's virtual currency and also eavesdrop on and record chatter among players.

Literally worse than anything that ever happened to Steam.

I'd say that they've got bigger priorities, such as setting up shit for that unusual hat fiasco that happened a couple weeks back
It's also generally expected that people actually follow grace periods and not sperg out and post shit way earlier than it should

Yes you can. I didn't do shit to group policies or this account and UAC did not pop up. CMD does not have to be run in admin mode despite your beliefs.

Is this koikatsu?

>Literally worse than anything that ever happened to Steam

Like scam links were never a thing in steam lol

This is correct
Regular users can use CMD, though a number of commands (among other things you could do) aren't allowed due to lack of admin privs
Unfortunately, the commands done with this don't require such privs

If CMD isn't admin tool, you are fucked as you can disable UAC from CMD, you can make your account administrative from CMD. What is the point of your exploit at this point?

>Reminder that the bank owns your money, not you. If a security breach occurs you'll lose everything and the bank won't reimburse you because that's just a known risk lmao
source? feel like there'd be an outrage if something like that happened.

I'm getting an antivirus warning about this exploit every time I refresh a page or catalog on Yea Forums. But only with 4chanX enabled.

what kind of fuckery is going on

Of course a product like Steam is gonna have security breaches over its lifetime, you dip. Pretty much every software does, from time to time, no software is perfect. Look up any, and I do mean ANY software that's as old as Steam that isn't fucking made by a literal who and used by like 10 people and you'll find just as many security issues over the years. Security issues happen, no matter the software. The only thing that really matters is how fast they can patch these issues once people know about them, if you don't fix them before people find out. And let's be frank here, with this shit, both Steam and Epic still have issues to fix.

>you are fucked as you can disable UAC from CMD, you can make your account administrative from CMD. What is the point of your exploit at this point?
No you can't you mouthbreather. From a normal CMD access will be denied.

>using windows
>using proprietary software

that isn't the case where i live, where i'm at if the bank gets fucked in any way, you're entitled to have your money back up to a certain limit, which is a generous limit
this limit is for each individual bank you reg with, so you could just have a bunch of different accounts if you're really paranoid about the chance of the economy crashing

No it won't, windows has about ten garillion of privilege escalation exploits most of them done in CMD some in regedit, some in netstat. You found just one of million of ways to elevate privileges, congrats you aren't special.

and the source is where OP?
gotta say EPIC needs to up their game on PR
very weak

>this exploit shouldn't be fixed/doesn't exist because there are other exploits.
Nice. Also you would gladly cite some of those other exploits right? Ones that work on a fully updated windows 10 machine?

It is fairly obvious you don't have a clue and just want to look smart on the internet.
>netstat
lmao

i don't trust (((banks))), but where else can i hold all my money, you know? I don't like to have cash and i like using my credit card to build up my credit score.

If you have the permissions necessary to even use this exploit in the first place then you don't even need Steam to fuck over someone's computer. This exploit just makes you jump through extra unnecessary hoops to achieve the same fucking thing. I mean this doesn't mean Valve shouldn't fix this shit, they definitely should, but pretty much nobody with the access necessary to use this exploit in the first place would bother using this because there's much easier ways to do it.

where i'm at that moneyback thing is guaranteed by the (((government))) rather than (((banks)))

it's a brainlet EoP, anyone can do it. however it's fucking useless since it's public
anything public usually gets patched super fast