The most recent update for Street Fighter V gave players lots of new and exciting content. Unfortunately, it also introduced a major security vulnerability for PC players.
A potentially dangerous driver, Capcom.sys, was included as part of a major content update.
As explained by Reddit user extrwi, Capcom.sys introduced a backdoor that could run malicious code on a player’s system. If a user updated their copy of the game before the rollback was released, the driver was installed in the user’s System32 folder. The driver then had the ability to disable a user’s execution protection in order to run code.
Capcom released a “rollback” patch for the PC version of Street Fighter V on Friday night. But the rollback does not automatically uninstall Capcom.sys. Players can manually remove the driver from their system once the rollback is installed, although a restart may be required beforehand.
The driver was included in Thursday’s update as an attempt to eliminate memory address manipulation, which can be used in cheats. Two of the most common uses of these manipulations have been to allow for one-hit knockouts and to reduce the game’s Survival mode from 100 rounds to one, both of which allow players to earn in-game Fight Money quickly. All of the game’s additional characters, as well as most of the game’s stages, costumes, and costume colors, can be purchased with either Fight Money or real money.
The security flaw undercut much of the momentum Capcom had hoped to build with Thursday’s update. Urien, the final character of the game’s first ‘season,’ headlined the content update. A player-versus-CPU mode, stat tracking, and daily challenges were also included. All of the content released in the update will still be available to PC players after the rollback is installed.
The content was also released for the PlayStation 4 edition of the game on Thursday. No issues have been reported with the update on that platform.