The bug that allows this level of authority over your system is very serious indeed as attackers can hit connected systems in mass. As of this writing FromSoftware has been shutting down the PVP servers for several online gaming options and titles. This shows the severity of the issue. Players are also being advised to not play Dark Souls online until it is corrected. How this was left in the system is unclear, but as more and more developers push for in-game advertising. Gaming tracking and analytical data collection on top of a host of other “that’s a good idea” type development, it really was only a matter of time.

Honestly, we expected an attack of this level to come from the anti-cheat mods that are common. These mods are designed to monitor gamers to see if they have any active cheats loaded. To do this they monitor active processes and resident memory. Watching one of these Ant-Cheat mods using a modern Endpoint Detection and Response agent, they look like malicious activity. We have even seen the inspect the memory space around the Windows Local Security Authority Subsystem Service (the service that controls domain related logins). This is a process often targeted by attackers.

The person that found the bug was able to run a live demo on a gamer stream where they were able to get the Microsoft Text to Speech engine to activate via PowerShell. The developers at FromSoftware are also aware and are working with the people at Blue Sentinel who claim to have updated their code to block this exploit. FromSoftware are keeping their PVP servers offline and recommending gamers play in offline mode until a more permanent fix is implemented.

Right now, this vulnerability has only been shown to affect PC users, but we would recommend caution with playing on other platforms as well. A game console is a great entry point into a home network and can be used for several malicious activities.