A dangerous remote code execution (RCE) exploit found in Dark Souls 3 could put a bad actor in control of your computer, according to a report by Dexerto. The vulnerability only affects PC gamers who play online and could potentially affect Dark Souls, Dark Souls 2, and the upcoming Elden Ring.
The exploit was seen in action during The__Grim__Sleeper’s Twitch stream of Dark Souls 3 online. At the end of the stream (1:20:22), The__Grim__Sleeper’s game crashes and the robotic voice of Microsoft’s text-to-speech generator suddenly starts criticizing the streamer’s gameplay. The__Grim__Sleeper then reports that Microsoft PowerShell opened by itself, a sign that a hacker used the program to run a script that activated the text-to-speech feature.
However, this probably wasn’t a malicious hacker: a screenshot of a message on the SpeedSouls Discord may reveal the “hacker’s” real intentions. According to the post, the “hacker” was aware of the vulnerability and attempted to contact Dark Souls developer FromSoftware about the problem. He was reportedly ignored, so he started using the hack on streamers to draw attention to the issue.
But if a bad actor had discovered this problem first, the outcome could have been much worse. RCE is one of the most dangerous vulnerabilities, as noted by Kaspersky. It allows hackers to run malicious code on their victim’s computer, causing irreparable damage and potentially stealing sensitive information while they’re at it.
Blue Sentinel, a community-created anti-cheat mod for Dark Souls 3, has since been patched to protect against the RCE vulnerability. In a post on the r/darksouls3 subreddit, a user explains that (hopefully) only four people know how to run the RCE hack: two of them are Blue Sentinel developers and the other two are people “who worked on it,” possibly referring to the individuals who helped expose the problem.
For now, though, it’s probably best to stay away from Dark Souls online until an official fix is released. A representative from Bandai Namco responded to a Reddit post about the issue: “Thank you so much for the ping, a report on the subject was submitted to the relevant internal teams earlier today, the information is much appreciated!” The edge contacted Bandai Namco with a request for comment, but did not immediately hear back.