CVE-2019-15315 – This vulnerability allows local Windows users t... (How to Fix)

Q: What is the severity of CVE-2019-15315?

CVE-2019-15315 has a CVSS score of 7.8 (HIGH). This vulnerability allows local Windows users to escalate privileges to SYSTEM level by replacing current Steam service files with older, vulnerable versions. It affects Steam Client for Windows installations where users have write access to Steam installation directories. The bypass exploits insufficient file permission controls.

📋 TL;DR

This vulnerability allows local Windows users to escalate privileges to SYSTEM level by replacing current Steam service files with older, vulnerable versions. It affects Steam Client for Windows installations where users have write access to Steam installation directories. The bypass exploits insufficient file permission controls.

💻 Affected Systems

Products:

Valve Steam Client

Versions: Through 2019-08-16

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Requires local user write access to Steam installation directory, typically C:\Program Files (x86)\Steam

📦 What is this software?

Steam Client by Valvesoftware

View all CVEs affecting Steam Client →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local attacker gains full SYSTEM privileges, enabling complete system compromise, data theft, persistence mechanisms, and lateral movement capabilities.

🟠

Likely Case

Malicious local user or malware escalates privileges to install additional payloads, modify system configurations, or access protected resources.

🟢

If Mitigated

With proper file permissions and user access controls, impact limited to denial of service or application-level compromise.

🌐 Internet-Facing: LOW - Requires local access to system, not remotely exploitable.

🏢 Internal Only: HIGH - Local privilege escalation vulnerabilities are significant for multi-user systems, shared workstations, or environments with untrusted users.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploit involves simple file replacement operations. Proof-of-concept details available in public references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 2019-08-16

Vendor Advisory: https://store.steampowered.com/news/

Restart Required: Yes

Instructions:

1. Launch Steam client. 2. Allow automatic update to latest version. 3. Restart Steam service or reboot system. 4. Verify SteamService.exe and SteamService.dll are latest versions.

🔧 Temporary Workarounds

Restrict File Permissions

windows

Set proper ACLs on Steam installation directory to prevent unauthorized file modifications

icacls "C:\Program Files (x86)\Steam" /inheritance:r /grant:r "SYSTEM:(OI)(CI)F" /grant:r "Administrators:(OI)(CI)F" /grant:r "Users:(OI)(CI)RX"

Disable Steam Service

windows

Temporarily disable Steam Client Service if not required

sc config Steam Client Service start= disabled
sc stop "Steam Client Service"

🧯 If You Can't Patch

Implement strict file integrity monitoring on Steam installation directory
Restrict local user access to systems with Steam installed, especially on shared workstations

🔍 How to Verify

Check if Vulnerable:

Check if SteamService.exe and SteamService.dll in Steam directory can be replaced by non-admin users. Verify file versions are older than August 2019.

Check Version:

wmic datafile where name="C:\\Program Files (x86)\\Steam\\SteamService.exe" get version

Verify Fix Applied:

Confirm SteamService.exe and SteamService.dll have post-August 2019 timestamps and proper ACLs prevent unauthorized modifications.

📡 Detection & Monitoring

Log Indicators:

Windows Security event 4663 (file access attempts) on Steam directory
Unexpected file modifications to SteamService.exe or SteamService.dll

Network Indicators:

None - local exploitation only

SIEM Query:

EventID=4663 AND ObjectName LIKE "%SteamService%" AND Accesses="WriteData" AND SubjectUserName NOT IN ("SYSTEM", "Administrators")

📊 Metadata

CVE ID: CVE-2019-15315

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-732

Published: August 21, 2019

Last Updated: November 21, 2024

🔗 References

https://xiaoyinl.github.io/steam_EoP_bypass.html Third Party Advisory
https://xiaoyinl.github.io/steam_EoP_bypass.html Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2019-15315, you might also want to check these: