Over the weekend, the developers of the Dark Souls series of games reported that the PC servers of Dark Souls: Remastered, Dark Souls 2, Dark Souls 3 and Dark Souls: PtDE have been temporarily disabled due to a dangerous RCE vulnerability that allows an attacker to remotely take control of someone else’s machine.
Let me remind you that we also wrote that Hackers attacked Japanese game developer Koei Tecmo, and also that Hackers use PipeMon backdoor to attack game developers. There was also information in the media that Hackers Influenced Valve’s Online Games Using Vulnerabilities in the Steam Platform.
One of the first to report the problem was Dexerto, which said that the exploit for this vulnerability was demonstrated publicly during a Twitch stream.
Streamer The__Grim__Sleeper was playing Dark Souls 3, and near the end of the stream (1:20:22) something inexplicable began to happen to his computer. At first, the game just crashed over and over again, and then suddenly Microsoft’s automatic text-to-speech turned on, and the synthesized voice began to criticize the streamer’s gameplay.
The__Grim__Sleeper was very surprised and reported that Microsoft PowerShell opened by itself, that is, the hacker used it to run a script that activated the text-to-speech function.
Apparently, the streamer was not just a victim of a random troll. According to a screenshot from SpeedSouls’ Discord, the hacker discovered the vulnerability some time ago and tried to contact the FromSoftware developers about it, but was ignored, so he started hacking streamers in an attempt to draw attention to the problem.
According to a post on Reddit, the anti-cheat Blue Sentinel, developed by fans of the game, has already been updated and is able to prevent exploitation of the vulnerability. The same post explains that the reports circulating online that the exploit was leaked to the public are most likely a lie, because only four people knew how to use this vulnerability: two of them were the developers of Blue Sentinel, and the other two were people who helped “work on it”. Most likely, this refers to those who initially discovered the bug.
The developers and representatives of Bandai Namco, the publisher of Dark Souls, have not yet announced how long the game servers will be down, but it is clear that work is already underway to fix the vulnerability. Separately, it is emphasized that the shutdown does not apply to PvP servers for Xbox and PlayStation.