From the comments in the article itself (ArsTechnica has really useful comments, sometimes even better than the article):
======
Artem S. Tashkinov Wise, Aged Ars Veteran
This vulnerability looks scary ... only until you realize that Steam allows game devs to install any additional applications/libraries which means a bad "game" developer can similarly force the user to install whatever malware the developer wants. And I'm pretty sure Valve does not require game devs to show their source to the company, so it's all based on mutual trust which can be breached.
On the other hand this vulnerability allows malware, when it detects that Steam is installed, to gain additional SYSTEM level priveleges clandestinely which is really really bad, as it completely circumvents Windows security and makes the UAC prompt useless.
If Valve isn't already fixing this glaring hole, Microsoft should intervene and request an immediate response.
=======
======
Artem S. Tashkinov Wise, Aged Ars Veteran
This vulnerability looks scary ... only until you realize that Steam allows game devs to install any additional applications/libraries which means a bad "game" developer can similarly force the user to install whatever malware the developer wants. And I'm pretty sure Valve does not require game devs to show their source to the company, so it's all based on mutual trust which can be breached.
On the other hand this vulnerability allows malware, when it detects that Steam is installed, to gain additional SYSTEM level priveleges clandestinely which is really really bad, as it completely circumvents Windows security and makes the UAC prompt useless.
If Valve isn't already fixing this glaring hole, Microsoft should intervene and request an immediate response.
=======