Forgot password
Enter the email address you used when you joined and we'll send you instructions to reset your password.
If you used Apple or Google to create your account, this process will create a password for your existing account.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Reset password instructions sent. If you have an account with us, you will receive an email within a few minutes.
Something went wrong. Try again or contact support if the problem persists.
Screengrab via CS:GO Skin Showcase

Hackers could take over your computer if they fragged you on some CS:GO servers

Thanks, Valve.
This article is over 7 years old and may contain outdated information

An exploit in the Counter-Strike: Global Offensive Source (SDK) engine was removed in a June update, according a report from software security company One Up Security yesterday.

Recommended Videos

The vulnerability allowed users in CS:GO community browser and third-party servers to hack into another player’s computer merely through killing them on a custom map.

When a player was killed, the server would process the user’s player model into a modified ragdoll state different from the normal animation, effectively loading a Remote Access Trojan (RAT) onto the victim’s computer. An RAT is a type of malware that can override administrative control over a user’s PC.

Apparently multiple third-party modifications are also at risk, according to Justin Taft of One Up Security. Taft suggested that an Address Space Layout Randomization (ASLR) mitigation bypass, which prevents computer memory corruption, could possibly prevent affected vulnerabilities in the Source engine from further harming your computer.

Valve added a bullet point to their June 16 update regarding the exploit, noting that they fixed a “potential exploit in the CS:GO engine.” The developer’s subtle memo on the situation didn’t gain much attention until it was reported by One Up Security.

To ensure your computer is safe from the updated vulnerability in the future, it’s best to disable third-party downloads. This can be achieved by typing the following commands into the developer console: “cl_allowdownload 0” and “cl_downloadfilter all.” These commands tell your game client to not allow downloads, while also filtering all server downloads during gameplay.

The aforementioned inputs also apply to other games that run on the Source engine, such as Team Fortress 2, Half Life, Portal 2, and Left 4 Dead 2.

Thank goodness Valve was made aware of this problem for the sake of third-party server denizens.


Dot Esports is supported by our audience. When you purchase through links on our site, we may earn a small affiliate commission. Learn more about our Affiliate Policy
Author
Image of Jamie Villanueva
Jamie Villanueva
CS:GO writer and occasional IGL support pugger that thinks he's good but is actually trash.