Sunday, December 22, 2024

Critical RCE in Dark Souls III Videogame, says Kaspersky

Dangerous vulnerability was discovered in Dark Souls III videogame that can be used to gain control of a gamer’s computer.

The gaming community is discussing a recent vulnerability in the Dark Souls III videogame. This RCE vulnerability allows attackers to remotely execute arbitrary code on a victim’s computer.

Apparently, the vulnerability also affects earlier games in the Dark Soul series: because of this, the developers have taken the unusual step of temporarily deactivating PvP servers across Dark Souls Remastered, Dark Souls II, and Dark Souls III.

According to the developers, they also plan to turn off servers for Dark Souls: Prepare To Die as well. Players fear that the same vulnerability could also affect the upcoming Elden Ring game, which is thought to use the same infrastructure. The bug is relevant only for PC users, so Xbox and PlayStation are unaffected.

Why Dark Souls vulnerability is so dangerous

This vulnerability allows an attacker to execute almost any program on the victim’s computer, so they’re able to steal confidential data or execute any program they wish (including installing malware).

You can find a demonstration of the exploit in the Twitch stream of the player named The_Grim_Sleeper in which an unknown person launched a PowerShell script on the streamer’s computer that used the Windows Narrator engine to read out critical notes about the gameplay.

What is the chance that Dark Souls vulnerability will be exploited ITW?

The details of the exploit for this vulnerability are not available to the general public, at least not yet. Despite the ethically dubious way of drawing attention to the problem, the person behind the attack apparently was not trying to cause any real harm. Judging by the discussion in the Dark Souls community, the creator of the exploit has been trying to inform the game’s developers about this serious vulnerability for some time, but they had ignored his messages. That’s why he decided to hack a popular streamer right during the streaming session.

Recommended:  Pegasus screenshots depict NSO Group's spyware capabilities

However, this information is not 100% reliable, in reality everything may not be so straight-forward. For example, the creator of the exploit has already shared information about the vulnerability with the developers of the Blue Sentinel plugin, a mod for Dark Souls designed to counteract cheats. And one can only guess who else could get this information. Also, once demonstrated, other hackers may try to replicate the exploit and use it to cause real harm to players. There are various possible scenarios here: attackers can use it to steal passwords from game accounts or crypto wallets, install good old ransomware, hidden miners, and much more.

How to stay safe from Dark Souls vulnerability?

Apparently, FromSoftware is currently trying to solve the problem. Let’s hope they can fix the vulnerability quickly. However, in the meantime, we recommend using high-quality security solutions for each device. Thanks to a special gaming mode, our antiviruses protect against all kinds of threats, including the exploitation of vulnerabilities, while consuming a minimum of PC resources and without interfering with the gameplay.

source

You may also enjoy reading, Assange Wins First Stage in Effort to Appeal US Extradition

Got to Cybersecurity News

Go to Homepage

Go to Cybersecurity Academy

Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for RiSec Weekly Cybersecurity Newsletter Today

Bookmark
Please login to bookmarkClose
Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

more infosec reads

Subscribe for weekly updates

explore

more

security