A vulnerability in the "Dark Souls" series that could take over a PC was discovered.Battle server paused

A vulnerability has been discovered in the popular game "DARK SOULS 3" that allows hackers to remotely control a PC and hijack it. In addition, this bug is only for the PC version, and it seems that it does not affect the Xbox version and PlayStation version.

DARK SOULS 3 (Amazon)

In addition to "DARK SOULS 3", this problem may affect "DARK SOULS 2", "DARK SOULS REMASTERED" and "ELDEN RING" to be released. FromSoftware Inc. (developer) and Namco Bandai (publisher) have announced that they have temporarily shut down these PvP servers and are investigating the problem.

Dexerto, a major overseas game information site, has reported that an RCE (remote code execution) vulnerability has been found in the PC version of "Dark Souls 3", which could allow an attacker to control another person's PC. This vulnerability only puts the risk to PC gamers who play online.

This vulnerability has actually been confirmed in the Twitch distribution of Dark Souls 3 online play. At the end of the stream (1:20:22), the game crashes and Microsoft's speech synthesis generator suddenly begins to criticize gameplay. This shows that the hacker used RCE to execute a script to activate the speech synthesis function of Windows.


 『ダークソウル』シリーズにPC乗っ取りの恐れある脆弱性が発見。対戦サーバーが一時停止

However, in a post (screenshot) to SpeedSouls (a site that summarizes RTA information for the DARK SOULS series) Discord, a "hacker" tried to contact the developer FromSoftware about this vulnerability, but it was ignored, so the problem was It is explained that he hacked the distributor to attract attention to.

In fact, if a malicious person found this vulnerability and used it for the first time, it might not have been enough to troll the game distribution. As antivirus software Kaspersky points out, RCE is one of the most dangerous vulnerabilities, as hackers can irreparably damage victims' PCs or even steal sensitive information. ..

By the way, the unofficial anti-cheat tool "Blue Sentinel" has been patched to close the hole in the RCE vulnerability.

A person in charge of Namco Bandai also wrote on the major bulletin board Reddit about this issue, "Thank you for Ping. The report on this issue was immediately submitted to the relevant internal team today. The information is very grateful. I have sent a comment.

In addition, while investigating the issue on Twitter's official DARK SOULS account, I announced that I would temporarily shut down PvP (competition) servers such as DARK SOULS 3. It is not clear when it will be restored, but it seems to be fortunate that we were able to take early action before serious damage occurred.

This content is not available in your privacy settings.Please change the setting here

DARK SOULS 3 (Amazon)

Source: Dexerto, The Verge

Related Articles