reader comments
27 with 25 posters participating
Bandai Namco, publisher of the Dark Souls role-playing game series, has taken down its player-versus-player servers while it investigates reports of a serious vulnerability that allows players to execute malicious code on the PCs of fellow players.
Word of the critical remote-code-execution flaw emerged over the weekend in Reddit threads here and here. An exploit that hit a user named The_Grim_Sleeper was captured in a video stream posted over the weekend. Starting around 1:20:22, the user’s game crashed, and a robotic voice mocked his gameplay and maturity level.
“What the fuck,” The_Grim_Sleeper said in response. “My game just crashed, and immediately Powershell opened up and started narrating a fucking” screed. “I didn’t even know that shit was possible.”
Details about the vulnerability weren’t immediately available. Initially, reports said the vulnerability resided in Dark Souls 3. On Sunday, Bandai Namco representatives said the company was removing PvP server play for Dark Souls 3, Dark Souls 2, and Dark Souls: Remastered as it investigated the reports. The tweet also said that Dark Souls: Prepare to Die would be affected.
surfaced late last month. That vulnerability made it possible for Minecraft players to execute malicious code on the PCs or servers of fellow players.
Few details are available about the Dark Souls vulnerability, so its cause is not immediately clear. There’s no indication, at least at the moment, that Dark Souls for Xbox or Playstation are affected.
Blue Sentinel, a community-developed Dark Souls mod designed to counteract cheats, has already introduced an update that mitigates attacks, but until Bandai Namco gives players the all clear, players are best off staying away from player-on-player gaming.
Representatives from the game maker didn’t immediately respond to a request for comment.