Heads-Up, A Nasty Dark Souls 3 Exploit Could Give Hackers Full Control Of Your PC
This week, a security vulnerability in Dark Souls 3 was discovered, allowing remote code execution (RCE) and any threat actor to wreak havoc on your PC. As this vulnerability only affects players who play online, potentially across the Dark Souls series, servers have been switched offline, and it seems Dark Souls developer FromSoftware and publisher Bandai Namco are working on the issue.
In the past week, it has been reported in the SpeedSouls’ Discord that a “hacker” discovered the vulnerability in Dark Souls 3, and knowing its danger, tried to report it to Dark Souls developers FromSoftware. However, it appears that he was repeatedly ignored and began to use other means to raise awareness of this new issue. Specifically, on the 22nd, this anonymous hacker exploited the vulnerability against a Twitch streamer named The__Grim__Sleeper while he was live playing Dark Souls 3.
Toward the end of the stream at around 1:20:20, The__Grim__Sleeper’s game crashed, and PowerShell popped open. After this, Microsoft’s text-to-speech generator began reading a copypasta (copy-pasted meme text) that jokingly criticized The__Grim__Sleeper and his gameplay. While harmless, this seemed to spook The__Grim__Sleeper, and he ended up calling it a night after this happened. In any event, this indicates that the hacker is not likely to be malicious and wants to do the right thing by the Dark Souls community.
Since this incident went public, a community-created anti-cheat program for Dark Souls 3 called Blue Sentinel was patched to protect against the RCE vulnerability. Moreover, the Bandai Namco team was made aware of the issue after being pinged on Reddit within threads talking about the issue. Therefore, it is thought that only a few people know how this vulnerability works, and it is not likely to spread beyond the initial group and the actual Dark Souls development team.
While this vulnerability and subsequent exploit incident ended well, perhaps this will be a wake-up call for some. If the reports of the hacker being ignored are accurate, then FromSoftware made a serious misstep, and it is quite possible that other issues were ignored as well. Hopefully, we will find out more in the coming days, so stay tuned to HotHardware and let us know what you think of this in the comments below.