Heads up to anyone playing Dark Souls III on PC, there’s another nasty exploit making the rounds. This exploit is an RCE or remote execution exploit. This is not the same exploit that affected Dark Souls III players several years ago.
According to Twitter user SkeleMann, this exploit could capture your login information for your computer, execute programs in the background, or possibly even hose your OS. This exploit has been discovered by someone who attempted to reach out to Bandai Namco. When this failed, the person streamed the exploit in action, showing it in action.
So far, no one else has the method to replicate this. However, that can’t be 100% confirmed, so until it can be patched or protected against, it’s recommended for PC Dark Souls III players to stay offline.
Unfortunately, the popular Blue Sentinel anti-cheat tool created to help protect Dark Souls III players while playing online does not protect against this exploit. LukeYui, the creator of the Blue Sentinel mod, believes that this exploit is made possible due to the netcode of Dark Souls III. Currently, LukeYui is working on a fix for the Blue Sentinel program, alongside the person who discovered the exploit
Hey everyone, it’s come to our attention that a Remote Code Execution (also known as RCE) exploit has emerged for Dark Souls III on PC. This means that potentially malicious players connected to your game may be able to execute code by sending information to your game that directly affects aspects of your operating system. This can lead to sensitive information leaks, including but not limited to: installation of malicious programs such as keyloggers or viruses, theft of account information or login tokens, and access to other sensitive information such as banking info or other things that may be stored on your computer.
We’ve referenced the program Blue Sentinel, a community-made program that serves as a third-party anti-cheat in the past for issues like this; however, it has apparently been made known that RCE can bypass Blue Sentinel. For this reason, it is recommended that if you play Dark Souls III on PC, you may want to stay offline until a further development is made against this exploit. If you still really want to play online, know that there is still a risk of the aforementioned effects, and it would still be recommended to do some research in to the Blue Sentinel mod to see if it can help with anti-cheat effects.
Sadly, the Blue Sentinel development team has mentioned that this exploit could exist in Elden Ring. This is likely due to no major changes to the netcode in between its Fromsoftware title releases. They have reached out to Bandai Namco regarding this and have made them aware. A community manager from Bandai Namco has confirmed this and has mentioned that this is being looked into.
Again, if you play Dark Soul 3 on PC, it is not recommended to play online. At least not until LukeYui manages to get Blue Sentinel updated to protect against this RCE or Bandai Namco and Fromsoftware release a patch. However, considering that Dark Souls III hasn’t released a patch in years, I wouldn’t count on one. For now, Blue Sentinel is the only chance for the PC Dark Souls III community.
As for me, I stopped playing Dark Souls III on PC for a few years now. I was invaded by a hacker, several times, I might add, and I was not running Blue Sentinel. The first time, my save file was corrupted, and Bandai Namco ended up soft-banning me. The second time, I was fully banned from playing Dark Souls III on PC. Despite appealing to the publisher and showing them the evidence, it didn’t matter. Now, I only play Dark Souls III on the PlayStation and Xbox.
While there might not be an official patch from Fromsoftware and Bandai Namco, I hope this does get addressed before Elden Ring is released. If not, and this exploit ends up in the wrong hands, then Elden Ring will be a minefield when it gets released.
Source: Twitter user SkeleMann, Elden Ring Discord