Back in January, a Remote Code Execution (RCE) was discovered in the Dark Souls games that made it so players could invade other players and control their PCs. This was such a big issue at the time, that Bandai Namco was forced to take the PvP servers offline for the PC versions while it resolved the problem.
The PvP servers remain down to this day, but one person who discovered the exploit has shared the details on the RCE after the publisher said it would fix the issue (via VGC).
The RCE details were shared on Github and disclosed proof of concept code and documentation. The description indicates that the vulnerability is confirmed to be present in Dark Souls, Dark Souls Remastered, Dark Souls 2, and Dark Souls 3.
The exploit hasn’t been confirmed in Demon’s Souls but it’s “very likely” and it’s been confirmed that there’s no way to trigger the RCE in Sekiro: Shadows Die Twice. The person did reveal that the exploit was “completely fixed” in Elden Ring.
LukeYui, the developer of fan-made Dark Souls anti-cheat software Blue Sentinel, also said that the Easy Anti Cheat software in Elden Ring “is heavily flawed and can be trivially bypassed in multiple ways.”
Last month, Bandai Namco announced that online services would be unavailable until after Elden Ring had launched, saying it would extend its investigation into the exploit to Elden Ring. “Due to the time required to set up proper testing environments, online services for the Dark Souls series on PC will not resume until after the release of Elden Ring,” the publisher explained. “We will continue to do everything we can to bring back these services as soon as possible.”
Despite the announcement, the Dark Souls PC PvP servers remain down and it’s unclear at the time when they will be fixed.
In other news, the Elden Ring Steam Deck fixes have been detailed by Valve.