PSA - DS1, 2, 3 and Elden Ring critical vulnerability

Soldato
Joined
1 Dec 2006
Posts
16,814
Location
Amsterdam, NL
Edit: Blue Sentinel isn't effective against the vulnerability and until officially patched, it's advised to play offline. Bandai Namco are aware. Thank you @Grim5

The community has discovered a critical weakness in the games' base code which allows machine-level control from attackers. It was even demonstrated in a guy's stream by the guy who discovered it. He took over his computer, closed the game, opened PowerShell and had it narrate a message.

Bandai Namco are famous for not listening to the community so my advice is to install Blue Sentinel which is a community mod used to stop cheaters when playing online. The creators of this mod are aware of the exploit and working with the person who discovered the weakness.

https://www.pcgamer.com/psa-dont-pl...mote-code-execution-vulnerability-is-patched/
 
Soldato
Joined
6 Feb 2019
Posts
17,594
Blue Sentinel doesn't work against this exploit, sorry. Only thing you can do is play offline.

Bandai Namco have acknowledged the issue; if it can't be fixed by launch, the PC servers will be offline at launch until it's fixed.
 
Soldato
Joined
9 Dec 2006
Posts
9,246
Location
@ManCave
Another reason for all software, including games, to go through full security compliance by one or more trusted authorities before release.

Google/MS/Apple are planning to do just this for the web, but we need it for software as a whole.

We do it at our company with software with 20 million+ lines of code.

Running it through a vulnerability scanner in depth mode takes 30 minutes to 1 hour; no reason companies could not automate this and rule out 98% of security issues that arise.

But companies in general see security as not required for games.
 
Soldato
OP
Joined
1 Dec 2006
Posts
16,814
Location
Amsterdam, NL
> Blue Sentinel doesn't work against this exploit, sorry. Only thing you can do is play offline.
>
> Bandai Namco have acknowledged the issue; if it can't be fixed by launch, the PC servers will be offline at launch until it's fixed.

Ah, thank you, I just saw the news, I'll update the original post.
 
Man of Honour
Joined
13 Oct 2006
Posts
91,158
> Running it through a vulnerability scanner in depth mode takes 30 minutes to 1 hour; no reason companies could not automate this and rule out 98% of security issues that arise.

Not sure with games it is as simple as that - some stuff like remote console vulnerabilities can be completely transparent to automated security analysis.
 
Soldato
Joined
9 Dec 2006
Posts
9,246
Location
@ManCave
> Not sure with games it is as simple as that - some stuff like remote console vulnerabilities can be completely transparent to automated security analysis.

It wouldn't pick up every issue, but it would pick up some of the console vulnerabilities in the last few years, and it would 100% pick up game companies leaving network ports like 9530-12000 open without authentication from a trusted source. Looking at you, COD, EA in general.

At least it would protect against most silly mistakes.

Vulnerability scanners now learn from previous failed states, so as users input new vulnerabilities to the DB, AI then does that and attacks it in a variety of ways users could not dream of.

At the end of the day, @Rroff, anything is better than what we currently have.

That is, it appears to be no game company actually protecting their customers.
 