Hackers could take over your computer if they fragged you on some CS:GO servers

Thanks, Valve.
Screengrab via [CS:GO Skin Showcase](https://www.youtube.com/watch?v=wq9CPg3En2A)

An exploit in the Counter-Strike: Global Offensive Source (SDK) engine was removed in a June update, according a report from software security company One Up Security yesterday.

Recommended Videos

The vulnerability allowed users in CS:GO community browser and third-party servers to hack into another player’s computer merely through killing them on a custom map.

When a player was killed, the server would process the user’s player model into a modified ragdoll state different from the normal animation, effectively loading a Remote Access Trojan (RAT) onto the victim’s computer. An RAT is a type of malware that can override administrative control over a user’s PC.

Apparently multiple third-party modifications are also at risk, according to Justin Taft of One Up Security. Taft suggested that an Address Space Layout Randomization (ASLR) mitigation bypass, which prevents computer memory corruption, could possibly prevent affected vulnerabilities in the Source engine from further harming your computer.

Valve added a bullet point to their June 16 update regarding the exploit, noting that they fixed a “potential exploit in the CS:GO engine.” The developer’s subtle memo on the situation didn’t gain much attention until it was reported by One Up Security.

To ensure your computer is safe from the updated vulnerability in the future, it’s best to disable third-party downloads. This can be achieved by typing the following commands into the developer console: “cl_allowdownload 0” and “cl_downloadfilter all.” These commands tell your game client to not allow downloads, while also filtering all server downloads during gameplay.

The aforementioned inputs also apply to other games that run on the Source engine, such as Team Fortress 2, Half Life, Portal 2, and Left 4 Dead 2.

Thank goodness Valve was made aware of this problem for the sake of third-party server denizens.


Dot Esports is supported by our audience. When you purchase through links on our site, we may earn a small affiliate commission. Learn more
related content
Read Article FlyQuest swoops in to pick up Australian CS2 roster after previous organization closed down
The FlyQuest LCS roster on stage during the 2023 season.
Read Article What to do if CS2 crashes mid game
Italy with two players shooting each other with a smoke behind them
Read Article Vitality demolish C9 to put themselves two matches from defending Counter-Strike Major title
Apex screaming to the fans in the Royal Arena at the Copenhagen CS2 Major.
Related Content
Read Article FlyQuest swoops in to pick up Australian CS2 roster after previous organization closed down
The FlyQuest LCS roster on stage during the 2023 season.
Read Article What to do if CS2 crashes mid game
Italy with two players shooting each other with a smoke behind them
Read Article Vitality demolish C9 to put themselves two matches from defending Counter-Strike Major title
Apex screaming to the fans in the Royal Arena at the Copenhagen CS2 Major.
Author
Jamie Villanueva
CS:GO writer and occasional IGL support pugger that thinks he's good but is actually trash.