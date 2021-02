CD Projekt Red encourages members of the gaming community to pay attention when installing Cyberpunk 2077 Mod or custom saves after discovering a vulnerability in the way the game connects to system DLL files. Is warning. This will allow the creator of the mod / crafted save to run the PC at runtime.

Two days ago, Redditor u / Romulus_Is_Here posted a warning on r / cyberpunkgame subreddit detailing the findings by modder and Pixel Rick, the creator of the Cyberpunk save editor.According to the post, malicious code using mods or specially crafted game save data [sic] It can be run by the creator of the save game / mod to control the PC.

This post doesn’t go into too much detail about how the vulnerability works, but it’s been updated with an official tweet from CD Projekt Red to confirm the existence of the vulnerability and shed more light on how the vulnerability works.

Be careful when using @CyberpunkGamemods / custom saves on your PC. It turns out that the external DLL file used by the game is vulnerable and could be used to execute code on a PC. The problem will be fixed as soon as possible. For now, please refrain from using files of unknown origin. February 2, 2021

The tweet states that there is an error in the external DLL file used by the game, and the problem will be fixed as soon as possible. The problem here is that malicious mods use a copy of cyberpunk as a kind of Trojan horse, because DLL files are already part of the operating system and can be accessed by external programs to perform certain activities. To break into the system and gain remote access to its files and activities.

CDPR told Eurogamer that the issue could be used as part of remote code execution on a PC. We appreciate your feedback and are working to fix this as soon as possible. In the meantime, please refrain from using files of unknown source.

U / Romulus_Is_Here also warns that Pixel Rick has confirmed that PS4 is also somewhat vulnerable to this vulnerability.

The safest solution here is not to use mods from unidentified sources, but fans have come up with another option until CDPR launches an official patch. Cyber ​​Engine Tweaks is Modder Yamashi’s famous fan plugin, famous for its inconsistent game performance. In the latest update of the plugin, version 1.9.6, Yamash claims to have fixed the vulnerability, reiterating that anyone who forges a malicious file can allow full access to the computer. I will.

Knight City is a dangerous place. Samurai, please ensure your safety.

