What just happened? The ability to invade another player’s game is one of the defining characteristics of the Dark Souls series, but it seems that this feature can be used for very nefarious purposes. Yesterday (Sunday, January 23), Bandai Namco and From Software announced that the PvP servers for all three games have been temporarily suspended due to a security vulnerability that could allow an attacker to remotely run code on a PC.
Kotaku reports that a Dark Souls remote code execution (RCE) exploit was exposed during a Dark Souls 3 livestream a few days ago. You can see from this NSFW (expletive) clip how shocked The__Grim__Sleeper is when, during the attack, the game crashes and text-to-speech starts playing.
Twitter user @SkeleMann and several subreddits have confirmed the Dark Souls RCE vulnerability, including this Elden Ring community, which claims that it will also work in the upcoming game, one of the most anticipated games of the year.
There is a new, very serious exploit on PC that is plaguing Dark Souls 3 that can cause irreparable damage to your computer.
This can result in your PC being locked out, your login information being exposed, or programs running in the background. 1/?
— SkeleMann (@SkeleMann) January 22, 2022
It is believed that the person who hacked the stream is not a hacker in the traditional sense. This is someone who knew about the exploit for a long time and tried to warn From Software about it, but felt that the company ignored them. So the person invaded the stream to draw more attention to the RCE vulnerability, which can be used to lock down a PC, steal information, and run programs in the background.
Bandai Namco responded to Reddit reports of the exploit, confirming that the information had been passed on to the appropriate teams. The official Dark Souls Twitter account also posted the following tweet:
“PvP servers for Dark Souls 3, Dark Souls 2, and Dark Souls: Remastered have been temporarily deactivated so the team can investigate recent reports of an issue with online services. Dark Souls: PtDE servers will join them soon.” PvP servers for Xbox and PlayStation consoles are not affected.
The fan-made Blue Sentinel mod, previously used to protect against a hack that breaks save games, has been updated to protect against the RCE vulnerability. It is believed that the latest exploit is not circulating in the wild and that only about four people directly associated with Blue Sentinel know how to use it.