Over the weekend, the developers of the Dark Souls series of games reported that the PC servers of Dark Souls: Remastered, Dark Souls 2, Dark Souls 3 and Dark Souls: PtDE are temporarily disabled due to a dangerous RCE vulnerability that allows remotely taking control of someone else’s machine.
One of the first to report the problem was Dexerto, which said that an exploit for this vulnerability was demonstrated to the general public right during a Twitch stream.
Streamer The__Grim__Sleeper was playing Dark Souls 3, and already at the end of the stream (1:20:22) something incomprehensible began to happen to his computer. At first, the game just crashed over and over again, and then suddenly Microsoft’s automatic text-to-speech turned on, and the synthesized voice began to criticize the streamer’s gameplay.
The__Grim__Sleeper was very surprised and reported that Microsoft PowerShell opened by itself, that is, the hacker used it to run a script that activated the text-to-speech function.
Apparently, the streamer was not just a victim of a random troll. According to a screenshot from Discord SpeedSouls, the hacker discovered the vulnerability some time ago and tried to contact the FromSoftware developers about it, but was ignored, so he started hacking streamers in an attempt to draw attention to the problem.
According to a post on Reddit, the anti-cheat Blue Sentinel, developed by the fans of the game, has already been updated and is able to prevent the exploitation of the vulnerability. The same post argues that rumours circulating in the network about the leakage of the exploit is a lie, because only four people knew how to exploit this vulnerability, two of which were the developers of Blue Sentinel, and the other two were people who helped “work on it”. Most likely, we are talking about those who initially discovered the bug.
The developers and representatives of Bandai Namco, the publisher of Dark Souls, have not yet announced how long the game servers will be down, but it is clear that work is already underway to fix the vulnerability. Separately, it is emphasized that the shutdown does not apply to PvP servers, as well as servers for the Xbox and PlayStation.
Let me remind you that we reported that Valve was unable to fix an RCE vulnerability in the Source engine for a long time, and also that Tencent and Chinese police conducted a joint operation against game cheat developers.