The bug can allow attackers to remotely execute code on gamers’ computers. The devs temporarily deactivated PvP servers across multiple affected versions.
There’s a dangerous remote-code execution (RCE) bug in the Dark Souls video game that could let attackers brick the PCs of online players.
The flaw could allow attackers to do pretty much anything: As Kaspersky researchers explained on Monday, the bug “allows an attacker to execute almost any program on the victim’s computer, so they’re able to steal confidential data or execute any program they wish” – that includes installing malware, letting them access sensitive information or enabling them to rip off resources for cryptocurrency mining.
The main problem is with Dark Souls III, but the remote code-execution (RCE) vulnerability also affects earlier games in the Dark Soul series, leading the developers to temporarily turn off player-versus-player (PvP) servers across Dark Souls Remastered, Dark Souls II and Dark Souls III. PvP refers to players being able to interact and duel with each other.
This same bug is reportedly an issue in the Elden Ring game.