Cyberpunk 2077, a highly anticipated modern sci-fi role playing game created by CD Projekt, has been the talk of the gaming community for some time. While the base game itself is secure, a new remote code execution vulnerability was identified in third-party modded content for the PC version of the game for which CD Projekt has released a fix.
The vulnerability was first reported by a user named PixelRick; PixelRick explains that this vulnerability is a buffer overflow vulnerability that allows cyber criminals to execute remote codes on user devices, which can lead to deployment of malicious programs on those devices. CD Projekt also warned its users about this vulnerability, advising users to avoid downloading modded content from untrusted sources for their own safety.
The vulnerability exists at the address space layout randomization layer, a key feature that helps for randomizing memory spaces, which paves the way for remote code execution when affected by buffer overflow.
The new hotfix released by CD Projekt will remove the flawed xinput_3.dll and replace it with xinput_4.dll, so when users launch Cyberpunk2077.exe, this new DLL file is bundled with Windows 10.
This game has recorded a total of 1,054,388 PC gamers playing at one time, showcasing how popular the game is and how many opportunities hackers have to exploit this vulnerability. Since this vulnerability can later become a gateway for malware, users are strongly advised to patch the game with this latest hotfix before threat actors take advantage of this vulnerability.
If you've deployed mods and are using Steam, unless you've disabled auto-updates, your game has likely already been patched. If you've deployed mods and aren't using Steam, it's recommended you patch the game as soon as possible. You can find the latest patch here.