

GOG Galaxy Games, a popular video game digital distribution platform that enables users to purchase new games and launch them from their desktop, is riddled with vulnerabilities, according to researchers at Cisco Talos. The researchers assert that the GOG Galaxy video game launcher contains six flaws that could allow a malicious actor to carry out a variety of attacks, including two critical vulnerabilities enabling an attacker to execute arbitrary code with SYSTEM privileges.

“Users are encouraged to update to the latest version of GOG Galaxy Games here as soon as possible in order to avoid these vulnerabilities,” said Talos researchers in a Tuesday post. “As they all come from different functions, there is no one, clear workaround and they can only be fixed through this patch.”

GOG Galaxy, version 1.2.48.36, is impacted. GOG, short for “Good Old Games,” has emerged as a popular alternative to Steam by offering older games not typically available on digital PC marketplaces.

A patch is available and users are encouraged to update as soon as possible. The two most serious vulnerabilities are an exploitable local privilege escalation vulnerability (CVE-2018-4048) in the file system permissions of GOG Galaxy’s “temp” directory, and an exploitable local privilege escalation vulnerability (CVE-2018-4049) in the file system permissions of GOG Galaxy’s “games” directory.

The flaw CVE-2018-4048 exists in the file system permissions of GOG Galaxy’s “temp” directory, which is where games that users are downloading go until they have been fully downloaded. The issue is that GOG Galaxy extracts the executables for the automatic update function into this directory by default, and the directory allows anyone on the system to have full control. This enables all users to read, write or modify arbitrary files related to the GOG Galaxy Updater Service.

“An attacker can overwrite executables of the Desktop Galaxy Updater to exploit this vulnerability and execute arbitrary code with SYSTEM privileges,” according to Cisco. “The executables include sensitive data, such as a root CA, as well as executables that will be run with SYSTEM privileges once they are installed, allowing an attacker to overwrite them prior to installation to achieve arbitrary code execution with SYSTEM privileges.”

Meanwhile, CVE-2018-4049 exists in the file system permissions of GOG Galaxy’s “Games” directory. By default, GOG Galaxy installs games in a directory that allows anyone on the system to have “full control,” allowing all users to read, write or modify arbitrary files in the “Games” directory. An attacker can overwrite executables of installed games to exploit this vulnerability and execute arbitrary code with elevated privileges.

“If the installed games include a privileged installer component, such as a DirectX installer, Visual Studio redistributable, or some other run-once installer that executes with Administrator permissions, the attack can result in Administrative access,” said Cisco. “Users can also elevate to other user accounts by overwriting arbitrary executables.”

Richard Johnson with Cisco Talos first notified the vendor of both flaws on Nov.

While a patch is available, users of GOG Galaxy can also replace the “Full Control” permission with “Read and Execute” for the “Everyone” group in the GOG Galaxy “Temp” directory. That ensures that all file system objects behind that path inherit from the parent directory in both cases.
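Both flaws come down to the same misconfiguration: a directory that grants Everyone (or another group every local user belongs to) write access, under which executables later run as SYSTEM or Administrator. The script below is an added example written for this page, not code from GOG or Cisco Talos. It audits a directory's ACL for that pattern and, on request, applies the workaround described above (Everyone limited to Read and Execute, with child objects re-inheriting from the parent). The two directory paths are assumptions about where a GOG Galaxy install keeps its Temp and Games directories, and the function names are hypothetical; run it from an elevated prompt to remediate.

```powershell
# Added example (not GOG's or Cisco Talos's code): find ACEs that let low-privileged
# principals write under a directory, and optionally apply the Everyone -> Read and Execute
# workaround. The two paths below are assumptions; substitute your install's locations.
$TargetDirs = @(
    "$env:ProgramData\GOG.com\Galaxy\temp",       # assumed Temp directory
    "${env:ProgramFiles(x86)}\GOG Galaxy\Games"    # assumed Games directory
)

# Well-known SIDs for groups every local user belongs to. Compare SIDs, not display
# names, because names such as "Everyone" are localized.
$LowPrivSids = @(
    'S-1-1-0',       # Everyone
    'S-1-5-11',      # Authenticated Users
    'S-1-5-32-545',  # BUILTIN\Users
    'S-1-5-4'        # INTERACTIVE
)

# Any one of these rights is enough to replace or tamper with files below the directory.
$FSR = [System.Security.AccessControl.FileSystemRights]
$WriteMask = [int]($FSR::Write -bor $FSR::Modify -bor $FSR::FullControl -bor
                   $FSR::Delete -bor $FSR::ChangePermissions -bor $FSR::TakeOwnership)

function Get-WeakAce {
    # Emits one object per Allow ACE that grants a low-privileged principal a write-class right.
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }  # orphaned or unresolvable identity; cannot be one of the groups above
        if ($LowPrivSids -notcontains $sid) { continue }
        if (([int]$ace.FileSystemRights -band $WriteMask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $Path
            Identity  = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited   # if $true, fix the parent that the ACE comes from
        }
    }
}

function Set-EveryoneReadExecute {
    # Applies the article's workaround with icacls (hypothetical helper name): remove every
    # grant to Everyone (*S-1-1-0) on the directory, grant Read and Execute that is inherited
    # by sub-containers (CI) and files (OI), then reset the ACLs of everything *below* the
    # directory so any file an attacker already planted with its own permissive ACL inherits
    # the parent's rule instead. The trailing "\*" keeps the directory's own ACL untouched.
    param([Parameter(Mandatory)][string]$Path)
    & icacls.exe "$Path" /remove:g '*S-1-1-0' /Q | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls /remove failed on $Path" }
    & icacls.exe "$Path" /grant '*S-1-1-0:(OI)(CI)RX' /Q | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls /grant failed on $Path" }
    & icacls.exe "$Path\*" /reset /T /C /Q | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls /reset failed below $Path" }
}

$findings = foreach ($dir in $TargetDirs) {
    if (Test-Path -LiteralPath $dir -PathType Container) { Get-WeakAce -Path $dir }
}

if (-not $findings) {
    Write-Host 'No write-class ACEs for low-privileged principals found.'
} else {
    $findings | Format-Table -AutoSize
    # Uncomment to apply the workaround to each affected directory (requires an elevated prompt):
    # $findings.Path | Sort-Object -Unique | ForEach-Object { Set-EveryoneReadExecute -Path $_ }
}
```

The audit deliberately checks more than Everyone: Authenticated Users, BUILTIN\Users and INTERACTIVE give the same result for a local attacker, and a finding with `Inherited = True` means the permissive ACE is coming from a parent directory, which is where the correction has to be made. The reset step matters because tightening the directory alone leaves any file that already has an explicit, more permissive ACL exactly as writable as before.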
