Gamers who own a copy of Street Fighter V may want to hold off on installing Thursday afternoon’s update. CAPCOM (the game’s developer) announced that the update includes a new anti-crack solution to help combat cheating. The anti-crack solution however goes too far, to the point of compromising the system’s security.
After installing the latest game update, Windows User Account Control (UAC) notifies the user about a privilege escalation request by the game, every time the game is launched. Users on reddit quickly found that the game now requires kernel-level access and installs a kernel driver before being allowed to run. Kernel-level access allows a program near-limitless capabilities on the system which it is running, such as reading and writing to any file or accessing all other installed software. Microsoft specifically warns against privilege escalation in their developer guidelines, saying that all applications should strive to only use standard user rights to reduce security risks.
Another user on reddit performed an analysis of the installed driver from the latest update and found that ultimately it could allow any arbitrary code to execute with kernel permissions on the system. CAPCOM isn’t the first company to request this level of system access in the name of anti-cheating or anti-piracy. In 2005, Sony was sued after CDs installed a rootkit after being inserted into a computer, all in the name of Digital Rights Management (DRM) protection.
Were CAPCOM’s intentions with this update malicious? Probably not. The installed kernel driver is very likely only used to detect in-game cheating. Its also important to note that no actual malicious exploit of this privelege escalation request has been published. Unfortunately, their update puts all of their user base at risk by exposing kernel-level access to any attacker capable of finding a bug in their game. –Marc Laliberte
Photo Credit: CAPCOM