Cyberpunk 2077 gets update for PC to close vulnerability – Gaming – News

CD Projekt RED has released an update that fixes a previously discovered vulnerability close to installing mods and custom save files. The vulnerability allowed third parties to remotely execute code on PCs via DLL files.

Hotfix tackles the problem with remote code execution making users’ computers vulnerable as malicious people using remote DLLs could remotely run code on Windows through Cyberpunk 2077. The hotfix addresses a buffer overrun issue and removes or replaces non-ASLR DLLs.

The vulnerability was discovered by a member of the Cyberpunk community on Reddit, mod maker PixelRick. He said that the vulnerability is difficult to exploit, but stated that as long as there was no fix, custom save files and mods would not be trusted. The modmaker explains that Cyberpunk 2077 could create a buffer overflow when loading a save file or mod, which can be used to redirect the game to an old DLL that is stored in a fixed location and has no modern security. That way, a mod can contain malware. This can then be used to execute code that makes Windows vulnerable.

GOG, Epic Games Store and Steam will in principle automatically update Cyberpunk 2077 to version 1.12, the version with the hotfix for this issue. Modmakers were ahead of CD Projekt RED in fixing the vulnerability. The day before yesterday, mod makers released a hotfix for Cyberpunk’s mod toolkit on GitHub. The link to it has since been removed.

The update only comes a few weeks after the first major update from Cyberpunk 2077, patch 1.11, which fixed a variety of bugs and improved performance in several ways. Patch 1.12 would again bring significant changes. That will now probably be patch 1.13.

–