Dark Souls servers go offline to investigate critical security exploit. (Image credit: Dark Souls 3) From Software and Bandai Namco have temporarily deactivated the PvP servers for Dark Souls Remastered, 2, and 3, due to an “issue with online services.” Reports indicate that a dangerous RCE (remote code execution) exploit was discovered in Dark Souls 3, putting online PC players at high risk.
An RCE is one of the most dangerous forms of computer vulnerabilities, allowing an attacker to run malicious code and gain remote access to a system. One can then easily brick your PC, steal sensitive information, or install some malicious software. The exploit was seen in action during a Twitch live stream when The__Grim__Sleeper (streamer) was playing Dark Souls 3 online PvP.
PvP servers for Dark Souls 3, Dark Souls 2, and Dark Souls: Remastered have been temporarily deactivated to allow the team to investigate recent reports of an issue with online services.
Servers for Dark Souls: PtDE will join them shortly.We apologize for this inconvenience.
— Dark Souls (@DarkSoulsGame) January 23, 2022
Towards the end of the VOD, his game randomly crashed and started playing Microsoft’s text-to-speech narrator criticising his gameplay. He claimed that Microsoft PowerShell opened by itself, indicating that a hacker had assumed control of his PC and ran a script that generated the robotic audio.
A screenshot circling within the Dark Souls community, however, paints a different story. Many believe that the person responsible for the attack did not have malicious intent, and had known about the exploit for quite some time now. Turns out, he had tried reaching out to From Software about the issue, but to no avail. So, in order to bring the developers’ attention to the exploit, he started targeting streamers, so there is live, definite proof.
According to a post on the Dark Souls 3 subreddit, Blue Sentinel, a community-made anti-cheat mod has been patched to prevent the exploit. Currently, there are only four people who know about the fix – two who worked on it, and two blue sentinel developers.
“If you go online, you aren’t likely to have your PC damaged, only because the people who know how to execute this understand the severity of it and are responsible. In my opinion, online should still be avoided until a community solution is created,” the post reads.
The exploit has only been found on PC, and therefore PvP servers for PlayStation and Xbox are still live. This is a big deal, given that Elden Ring launches in just under a month, and quite possibly runs on the same infrastructure. From Software is currently working on a solution and there has not been an update since the initial tweet.
- The Indian Express website has been rated GREEN for its credibility and trustworthiness by Newsguard, a global service that rates news sources for their journalistic standards.
