The man whose discovery of a serious Dark Souls exploit forced Bandai Namco to shut down all PC game servers has said he will publicly reveal the details of the vulnerability ahead of Elden Ring’s release this month.
PvP servers for Dark Souls: Remastered, Dark Souls 2, and Dark Souls 3 have been shut down for three weeks after a serious remote code execution (RCE) vulnerability was discovered that allegedly allows attackers to take control of other players’ computers.
Now, one of the people behind the discovery of the vulnerability has said that he will publicly reveal the details of the exploit after Bandai Namco released a statement claiming that it will fix the problem.
“FromSoftware has announced their plan for Dark Souls servers and confirmed that the exploit will be fixed in Elden Ring. So I’m planning a public disclosure. At the moment I don’t know the exact date as I will be very busy next week, but it will be a few days to a week before Elden Ring releases.”
It is common for hacker groups to publicly disclose details about vulnerabilities to ensure that companies keep their promise to fix them.
The person behind the RCE discovery said last week that he had notified Bandai Namco more than a month earlier, and that neither the publisher nor developer FromSoftware acted on the warning until he demonstrated it publicly while streaming on Twitch.
According to those familiar with the issue, the RCE vulnerability allows a user to remotely run code on another player’s PC and then control it, potentially giving that user access to sensitive data or allowing them to run malware.
While the exploit is clearly serious, only a handful of people outside of Bandai Namco are believed to know how to use it, and they have no interest in using it for anything malicious.
The person who discovered the RCE claims that there are serious issues with the Souls games’ overall network infrastructure and said he thinks it is “inevitable” that Elden Ring will contain many of the same exploits that are “likely to be ported without issue and used when releasing cheats”.
In a statement released this week, Bandai Namco confirmed that online services for Dark Souls PC games will remain offline until the release of Elden Ring on February 25 as they work to fix the exploit.
By the time Elden Ring is released, the Dark Souls servers will have been offline for over a month.