A dangerous RCE (Remote Code Execution) exploit found in Dark Souls 3 could take control of your computer, according to a bad actor report malfunction. The vulnerability only puts PC gamers who play online at risk and could potentially have an impact Dark Souls, dark souls 2, and what is to come elden ring.
The exploit was seen in action during The__Grim__Sleeper’s twitch stream Dark Souls 3 on-line. At the end of the stream (1:20:22), The__Grim__Sleeper’s game crashes and the robotic voice of Microsoft’s text-to-speech generator suddenly starts criticizing its gameplay. The__Grim__Sleeper then reports that Microsoft PowerShell opened by itself, a sign that a hacker used the program to run a script that triggered the text-to-speech feature.
However, this was probably not a malicious hacker – a screenshot post in the SpeedSouls discord might reveal the “hacker’s” actual intentions. According to the post, the “hacker” knew about the vulnerability and attempted to contact it Dark Souls Developer FromSoftware about the problem. He was reportedly ignored, so he started applying the hack to streamers to raise awareness of the issue.
But if a bad actor had spotted this problem first, the outcome could have been far worse. RCE is one of the most dangerous security vulnerabilities, as noted by Kaspersky. It allows hackers to run malicious code on their victim’s computer, causing irreparable damage and potentially stealing sensitive information while they’re at it.
Blue Sentinel, a community created anti-cheat mod for Dark Souls 3, has since been patched to protect against the RCE vulnerability. In a post on the r/darksouls3 subreddit, a user explains that (hopefully) only four people know how to run the RCE hack – two of them are Blue Sentinel developers, and the other two may be people “who worked on it to have”. Reference to the people who helped uncover the issue.
For now, though, it’s probably best to stay away Dark Souls online until an official fix is released. A Bandai Namco representative commented on a Reddit post in response to the issue, saying, “Thank you for the ping, a report on this issue was sent to the relevant internal teams earlier today, the information is greatly appreciated!” The edge reached out to Bandai Namco for comment, but did not immediately receive a response.