FromSoftware/Bandai Namco
A vulnerability has been discovered in the popular game “DARK SOULS 3” that allows hackers to remotely control a PC and hijack it. Please note that this bug is for the PC version only.It seems that there is no effect on the Xbox version and PlayStation version。
DARK SOULS 3(Amazon)
In addition to “DARK SOULS 3”, this problem may affect “DARK SOULS 2”, “DARK SOULS REMASTERED” and “ELDEN RING” to be released. FromSoftware Inc. (developer) and Namco Bandai (publisher) have announced that they have temporarily shut down these PvP servers and are investigating the problem.
Dexerto, a major overseas game information site, has reported that an RCE (remote code execution) vulnerability was found in the PC version of “Dark Souls 3”, which could allow an attacker to control another person’s PC. This vulnerability only puts the risk to PC gamers who play online.
This vulnerability has actually been confirmed in the Twitch distribution of Dark Souls 3 online play. At the end of the stream (1:20:22), the game crashes and Microsoft’s speech synthesis generator suddenly begins to criticize gameplay. This shows that the hacker used RCE to run a script to activate the speech synthesis function of Windows.
However, in a post (screenshot) to SpeedSouls (a site that summarizes RTA information for the DARK SOULS series) Discord, a “hacker” tried to contact the developer FromSoftware about this vulnerability, but it was ignored, so the problem was It is explained that he hacked the distributor to attract attention to.
In fact, if a malicious person found this vulnerability and used it for the first time, it might not have been enough to troll the game distribution. As antivirus software Kaspersky points out, RCE is one of the most dangerous vulnerabilities, as hackers can irreparably damage victims’ PCs or even steal sensitive information. ..
By the way, the unofficial anti-cheat tool “Blue Sentinel” has been patched to close the hole in the RCE vulnerability.
A person in charge of Namco Bandai also wrote on the major bulletin board Reddit about this issue, “Thank you for Ping. The report on this issue was immediately submitted to the relevant internal team today. The information is very grateful. I have sent a comment.
In addition, while investigating the issue on Twitter’s official DARK SOULS account, I announced that I would temporarily shut down PvP (competition) servers such as DARK SOULS 3. It is not clear when it will be restored, but it seems to be fortunate that we were able to take early action before serious damage occurred.
PvP servers for Dark Souls 3, Dark Souls 2, and Dark Souls: Remastered have been temporarily deactivated to allow the team to investigate recent reports of an issue with online services.
Servers for Dark Souls: PtDE will join them shortly.We apologize for this inconvenience.
— Dark Souls (@DarkSoulsGame) January 23, 2022
DARK SOULS 3(Amazon)
Source:Dexerto,The Verge
* The Japanese version of Engadget may get affiliate rewards from the links in the article.
