Cyberpunk 2077 gets update for PC to close vulnerability


CD Projekt RED has released an update that closes a previously discovered vulnerability in installing mods and custom save files. The vulnerability allowed third parties to run code remotely on PCs via DLL files.

The hotfix addresses the remote code execution issue, which left users’ computers vulnerable by allowing attackers to execute code remotely in Windows through Cyberpunk 2077 by way of DLL files. The hotfix fixes a buffer overrun issue and removes or replaces non-ASLR DLL files.

The vulnerability was discovered by a member of the Cyberpunk community on Reddit, mod maker PixelRick. He said that the vulnerability is difficult to exploit, but stated that as long as there was no fix, modified save files and mods were not to be trusted. The mod maker explains that a buffer overflow could occur in Cyberpunk 2077 when loading a save file or mod, and that the overflow can be used to redirect the game to an old DLL file that is stored in a fixed location and does not have modern security protections. That way, a mod can contain malware. This can then be used to run code that makes Windows vulnerable.
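The "non-ASLR" property mentioned above is recorded in each DLL's PE header, so an install directory can be audited for it. The following is an added example, not code from CD Projekt RED or PixelRick; the function names are hypothetical and `make_sample` builds a constructed header stub rather than a real game file.

```python
import struct
from pathlib import Path

DYNAMIC_BASE = 0x0040     # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE: image opts in to ASLR
NX_COMPAT = 0x0100        # IMAGE_DLLCHARACTERISTICS_NX_COMPAT: DEP-compatible
RELOCS_STRIPPED = 0x0001  # IMAGE_FILE_RELOCS_STRIPPED: image cannot be rebased

def pe_mitigations(data: bytes) -> dict:
    """Read ASLR/DEP opt-in flags from PE headers; ValueError if not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff, opt = pe_off + 4, pe_off + 24                # COFF header is 20 bytes
    if len(data) < opt + 72:
        raise ValueError("truncated headers")
    (file_chars,) = struct.unpack_from("<H", data, coff + 18)
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):                    # PE32 / PE32+
        raise ValueError("unknown optional header")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ optional headers.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    return {
        # The flag alone is not enough: without relocations the loader cannot move the image.
        "aslr": bool(dll_chars & DYNAMIC_BASE) and not file_chars & RELOCS_STRIPPED,
        "nx": bool(dll_chars & NX_COMPAT),
    }

def make_sample(dll_chars: int, file_chars: int = 0x2022) -> bytes:
    """Constructed 64-bit PE header stub for the demo (not a loadable DLL)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, file_chars)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)

def audit_dir(root) -> list:
    """Return PE files under root that would load without ASLR."""
    flagged = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in (".dll", ".exe"):
            try:
                if not pe_mitigations(path.read_bytes())["aslr"]:
                    flagged.append(path)
            except ValueError:
                pass  # not a PE image despite the extension
    return flagged
```

Calling `audit_dir` on a game's install folder returns the modules that load at a fixed address, which is the condition the hotfix removes.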

GOG, Epic Games Store and Steam will in principle update Cyberpunk 2077 automatically to version 1.12, which is the hotfix version for this issue. Modmakers were ahead of CD Projekt RED in fixing the vulnerability. The day before yesterday, modmakers released a hotfix for Cyberpunk’s mod toolkit on GitHub. The link to it has since been removed.

The update comes just a few weeks after Cyberpunk 2077’s first major update, patch 1.1, which fixed a variety of bugs and improved performance in several ways. Patch 1.2 is expected in the coming weeks and should bring significant changes again.
