CNET también está disponible en español.

Ir a español

Don't show this again

Security

Steam fixed a bug that reportedly left PCs vulnerable for over 10 years

Good thing it's gone -- it was apparently a nasty one.

steam-link-02296.jpg
Nate Ralph/CNET

"Remote code execution vulnerability" isn't a phrase you want to hear when talking about your PC. It means someone could hack into your computer and launch nefarious programs without even being in the room. But according to Contextis security researcher Tom Court (via Motherboard), Valve's popular Steam game launcher has featured a remote code execution vulnerability for over a decade now.

The good news: It's already fixed. 

The fix happened quickly, too: Court says he told Valve about the bug on Feb. 20, and the company pushed out an initial fix just 8 hours later. By March 22, the bug was completely eliminated, according to Court. 

The bad news: If it's as bad as Court says it was (and demonstrates in the video above), millions upon millions of PC gamers were vulnerable for a very long time. Steam has as many as 15 million active users at any given moment, and total users are estimated above 125 million.

Valve didn't immediately respond to a request for comment, but an April changelog for the Steam Client does thank Court by name.

Now playing: Watch this: The Steam Link app brings your games to the small screen
1:36