Technovanguard — Be at the forefront of technology news

GOG Has Had a Severe Internal Vulnerability Problem for Nearly 2 Years; GOG: It’s a Very Complex Matter, but Works on the Fix Are Ongoing

by Justin Rowell
29.09.2022

GOG has a vulnerability that has seemingly been ignored by the CD Projekt RED subsidiary ever since it was first sighted. It was first archived as a vulnerability by the National Vulnerability Database (NVD) in August 2020, and it allows local privilege escalation from any authenticated user to SYSTEM.

The exploit allows users to inject DLLs into GOG's Galaxy client. Simply put, GOG Galaxy can be used to escalate privileges, so a user can gain an administrative role on the system itself. This can open the way for attackers to mount supply chain attacks on different systems.

As the NVD Database entry puts it:

The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 (as of 12:58 AM Eastern, 9/26/21) allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. This occurs because the attacker can inject a DLL into GalaxyClient.exe, defeating the TCP-based “trusted client” protection mechanism.

Needless to say, any user profile can give itself administrative privileges through GOG Galaxy and then gain access to every computer where the GOG Client is installed. The exploit was originally discovered by white hat hacker and Positron Security founder Joseph Testa, back in January 2020.

GOG reacted by releasing an update that was meant to fix this issue. However, it was found that the update simply changed the signing key used for verifying messages. This key has been recovered and the proof-of-concept has been updated with it. So yes, the exploit still works, unmodified, and has been reported as a 0-day vulnerability in GOG's Galaxy client.

Joseph Testa posted a comprehensive analysis that detailed some of his conversations with GOG Support. This conversation started on June 4, 2020, and the entire thread can be read in the link above.

GOG.com Support replied with:

“I was informed that our Developers are working on fixing the issue, but executing the attack requires the machine to be already compromised.”

Because this sounded like GOG was not taking the issue seriously, I responded with:

“It is indeed true that an attacker must have low-privilege access to the machine already. But the problem is that this can be escalated into Administrator rights by abusing the GalaxyClientService software. […] Local privilege escalation (LPE) is a serious vulnerability.

GOG customers may install software/games from other untrusted sources without Administrator rights, which normally would protect them from full system compromise. Unfortunately, due to the vulnerabilities I’ve discovered in GalaxyClientService, all user accounts are effectively administrators.”

Shortly afterward, GOG told Joseph that their developers needed three months to create a solution. Since the advisory is currently online, the fix was evidently not delivered once the 3-month period had passed. In fact, as recently as September 2021, it was confirmed that the GOG Galaxy 2.0 exploit continues to work.

In other words, any user who installs Galaxy 2.0 will run the risk of having an attacker gain administrator access. As the poster of the Reddit thread that discovered that the exploit still works puts it:

My major concern is people assume that, since it has been so long past the 3-month timeline the developers proposed for a fix, that it has been fixed. Hell, why would a development team not fix something like this in their software? Too bad this is not the case, and your system is still vulnerable if you have GOG Galaxy 2.0 installed.

When Technovanguard reached out to GOG earlier this week for comment regarding this situation, they replied with the following statement:

We’re aware of the security issue in GOG GALAXY and we confirm that the works on the fix are ongoing. It turned out to be a very complex matter and requires changes made to the design of the client itself. As always, we will inform users about the fix in the GOG GALAXY changelog once the patch is deployed. Furthermore, we want to reassure everyone that security topics are important to us and we take all of them seriously.

In its current form, the proof-of-concept exploit outlined by Joseph Testa only causes the Galaxy client to crash. This might be a temporary measure put in place by CDPR to prevent attacks while it works on solving the issue. Of course, it could also mean that only the outdated proof of concept has stopped working, and that the vulnerability can still be reached by malicious attackers with a more refined process.

You can watch a comprehensive timeline of events that outlines the severity of the exploit in the YouTube video linked below.

For now, it’s best to be careful around the GOG Galaxy program, and it’s heavily advised to keep an eye on what programs get installed through the service.
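Knowing which machines carry the service is the first step in acting on that advice. The PowerShell below is an added example, not code from the original article, GOG or Positron Security; it finds any Windows service whose binary is GalaxyClientService.exe and compares its file version with the 2.0.41 bound given in the NVD entry. It assumes the service binary's file version tracks the GOG GALAXY client version.

```powershell
# Added example, not from the article, GOG or Positron Security.
# 2.0.41 is the upper bound stated in the NVD entry quoted above; the article names no fixed version.
$advisoryMax = [version]'2.0.41'

# Match on the binary name from the advisory instead of assuming the service's registered name.
$services = @(Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -like '*GalaxyClientService.exe*' })

if ($services.Count -eq 0) {
    Write-Output 'No Windows service backed by GalaxyClientService.exe is registered on this host.'
    return
}

foreach ($svc in $services) {
    # PathName can be quoted and can carry arguments, so extract just the .exe path.
    $exePath = $null
    if ($svc.PathName -match '^\s*"?(?<exe>[^"]+?\.exe)') { $exePath = $Matches['exe'] }

    # Assumption: the service binary's file version tracks the GOG GALAXY client version.
    $fileVersion = $null
    if ($exePath -and (Test-Path -LiteralPath $exePath)) {
        $vi = (Get-Item -LiteralPath $exePath).VersionInfo
        $fileVersion = [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart)
    }

    # $null means the version could not be read, not that the host is unaffected.
    $inRange = if ($fileVersion) { $fileVersion -le $advisoryMax } else { $null }

    [pscustomobject]@{
        Service         = $svc.Name
        State           = $svc.State
        StartMode       = $svc.StartMode
        RunsAs          = $svc.StartName
        BinaryPath      = $exePath
        FileVersion     = $fileVersion
        InAdvisoryRange = $inRange
    }
}
```

A version above 2.0.41 only means the host is outside the range the NVD entry states, which is not the same as fixed; the article reports no patched release.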

The post GOG Has Had a Severe Internal Vulnerability Problem for Nearly 2 Years; GOG: It’s a Very Complex Matter, but Works on the Fix Are Ongoing by Ule Lopez appeared first on Technovanguard.


© 2021 technovanguard.com. Submit news release
