Dark Souls PvP servers taken offline to fix dangerous exploit

polygon.com:

FromSoftware and Bandai Namco are temporarily closing down player-versus-player multiplayer access to the Dark Souls games on Windows PC after a dangerous remote code execution (RCE) exploit became known to the public. The developer posted an update to its official Twitter on Sunday morning, which reads “PvP servers for Dark Souls3, Dark Souls 2, and Dark Souls: Remastered have been temporarily deactivated to allow the team to investigate recent reports of an issue with online services. Servers for Dark Souls: [Prepare to Die Edition] will join them shortly.”

Bandai Namco added, “This downtime does not affect PvP servers for Xbox or PlayStation consoles.”

The exploit, which fans worry could apply to the upcoming FromSoftware game Elden Ring, can give a bad actor control over someone’s computer. An RCE allows hackers to run malicious code, and an instance of this played out in action on The__Grim__Sleeper’s Twitch stream of Dark Souls 3 on Friday.

The streamer’s game crashed, a robotic voice starts insulting his gameplay, and then Microsoft PowerShell opened by itself — signs that a hacker had used a RCE to run a script that would trigger this kind of text-to-speech chaos. This is actually one of the better case scenarios; according to security experts, a RCE could lead to much worse, as it can be used to shut down systems and pilfer sensitive data.

Blue Sentinel, a community-made anti-cheat mod for Dark Souls 3, has been patched by its creators in an attempt to help protect against this new threat. It also seems as though this exploit was discovered and then publicized by members of the community due to posts made within the SpeedSouls community Discord.

Polygon has reached out to Bandai Namco with a request for comment