Valve finally fixes CS:GO exploit that could give hackers control of PCs

Two years after it was reported.

Valve has finally fixed a security vulnerability in Counter-Strike: Global Offensive that could be used by hackers to gain remote control of a player's PC - an issue the company had reportedly known about for two years by the time its existence was publicised last week.

News of the exploit was circulated in a tweet by not-for-profit reverse-engineering group The Secret Club. It explained that one of its members, Florian, had contacted Valve two years prior to report a remote code execution flaw that made it possible for a hacker to take over a target's PC by tricking them into accepting a Counter-Strike: Global Offensive Steam invite.

Although the exploit - one of several vulnerabilities reported to Valve by Secret Club members - had the potential to affect any game utilising Source Engine, The Secret Club stressed only CS:GO was still verifiably at risk. "We cannot say for sure if and when things have been patched in other games throughout the time without us being notified about it," it wrote.

Following The Secret Club's post, others began sharing stories of reporting bugs to Valve and receiving no response. As Florian put it in conversation with Vice's Motherboard, "Valve's response has been a complete disappointment right from the start. Our experience has always been slow response times, with little to no patches being pushed to production. They truly don't care about the security and integrity of their games."

However, it seems the increased scrutiny around the exploit resulting from The Secret Club's tweet finally spurred Valve into action, and the company has now patched the Counter-Strike vulnerability. "Good news!," Florian wrote in a follow-up tweet over the weekend, "Valve fixed my recent exploit and gave me permissions to disclose details." Florian says he's currently working on a detailed technical write-up, which he plans to release soon.

A separate remote code execution flaw, which can be triggered in Team Fortress 2 by joining a community server, was also highlighted by The Secret Club last week. This too is said to have been reported to Valve two years ago but, in this instance, is still awaiting a fix.


About the author

Matt Wales

Reporter
