Dark Souls Goes Offline to Investigate Critical Security Flaw

pcmag.com:

From Software has taken down the servers for every Dark Souls game on PC to investigate a vulnerability that can be exploited to enable remote code execution (RCE) on a victim's system.

Dexerto reports that the flaw is said to lie in the networking code used by Dark Souls: Prepare to Die Edition, Dark Souls: Remastered, Dark Souls 2, Dark Souls 2: Scholar of the First Sin, and Dark Souls 3. It's also believed to be present in Elden Ring, which From Software is set to release on Feb. 25.

Twitter user "SkeleMann" publicly disclosed this vulnerability on Jan. 22 and said it "could brick your PC, let your login information be shared, or execute programs in the background." They advised Dark Souls players to go offline until the security problem was addressed.

The creators of Blue Sentinel, a Dark Souls 3 mod that claims "it will protect you from malicious cheats, flag players who use them, and allow you to kick them from your world," actually released an update related to this vulnerability before From Software publicly acknowledged it.

SkeleMann reports that a similar mod for Dark Souls 2 called Blue Acolyte is also being updated to defend against this vulnerability. In the meantime, Dark Souls players on PC will have to make do without player-versus-player (PVP) elements until the servers are brought back online.

From Software says the PVP servers for Xbox and PlayStation players—the company doesn't specify which titles or console generations—remain online. It's not clear if that's because of differences in the networking code or because of the consoles' other security measures.

Sign up for Security Watch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain