Source SDK and Games

Valve Corporation released a patch that addresses a simple buffer overflow vulnerability, identified by One Up Security researcher Justin Taft, in the Source software development kit (SDK), which allowed malicious code to be downloaded and remotely executed on Steam users’ machines. Although the Source Engine is not open source, Valve allows third-party developers to create custom modifications or assets for Source games. Generally, when these modifications or assets are applied to a game server, a user's game automatically downloads the updates when connected to play. The NJCCIC recommends all users apply updates for Source games, third-party developers apply the Source SDK patch as soon as possible, and gamers disable auto-downloads for third-party gaming assets.