Major Souls exploit that took servers offline ‘to be made public before Elden Ring’

videogameschronicle.com:

A person whose discovery of a major Dark Souls exploit forced Bandai Namco to pull all PC game servers offline has told VGC they will publicly disclose details of the vulnerability before the release of Elden Ring this month.

PvP servers for Dark Souls: Remastered, Dark Souls 2 and Dark Souls 3 have been offline for three weeks, following the discovery of a severe remote code execution (RCE) vulnerability, which was said to allow abusers to take control of other players’ PCs.

Now, one of the people behind the discovery of the vulnerability has told VGC they will publicly disclose details of the exploit, after Bandai Namco released a statement claiming it would fix the issue.

“FromSoftware has just announced their plan regarding the Dark Souls servers and confirmed the exploit will be fixed in Elden Ring,” the person told VGC. “As such, I am planning to go through with the public disclosure. For now, I don’t know the exact date since I will be quite busy next week, but it will be a few days up to a week before Elden Ring release.”

It’s typical that hacker groups publicly disclose details of vulnerabilities, to ensure that companies follow through with their promise to fix them.

As reported by VGC last week, the person behind the discovery of the RCE said that they had made Bandai Namco aware of it over a month earlier, and that neither the publisher nor developer From acted upon the warning until its discoverer demonstrated it in a public Twitch stream last month (as seen in the video below).

According to those familiar with the issue, the RCE enables the user to remotely run code on another player’s PC then take control of it, potentially giving them access to sensitive data or allowing them to run malicious software.

Although