We’ve learned a RCE exploit was found in Dark Souls III, or a remote code execution vulnerability. This is an exploit that allows hackers to remotely access victims’ PCs, with the potential to run malicious code or steal personal information.
While the RCE exploit was found in Dark Souls III, a recent Twitch stream demonstrated the RCE in action, as a remote user was able to exploit the RCE vulnerability to run a text-to-speech program through PowerShell after crashing the streamer’s game.
News of the vulnerability has spread among Reddit and Discord and been reported on by multiple news outlets. The fanmade anti-cheat mod Blue Sentinel has been patched to repair the vulnerability, but it’s still recommended that players avoid running Dark Souls 3 online until From Software provides an official fix.
According to a Reddit post from a Bandai Namco-affiliated account, “A report on this topic was submitted to the relevant internal teams,” which seems to imply that they will be fixing the exploit in both games soon.
Dark Souls III has been available for Windows PC (via Steam), Xbox One, and PlayStation 4. In case you missed it, you can find our review for Dark Souls III here (we highly recommend the game).