Capcom rolls back Street Fighter V anti-cheating update after it breaks the game

The update also introduced a huge new security exploit.

Street Fighter V has seen no shortage of problems since it launched to mixed reception earlier this year. The general consensus is that the game itself is fun, but the infrastructure surrounding it -- and the way Capcom's handled emerging problems -- leaves much to be desired.

Yesterday, Capcom rolled out its most recent update including a new playable character, Urien, and a so-called "anti-crack solution" designed to clamp down on cheats and exploiting. Immediately, players began reporting problems: some found the game would no longer launch, leaving Capcom to suggest on its official blog that the update had triggered a "false-positive" with users' anti-malware programs, or even anti-exploit safeguards within Windows itself.

Why was it doing this? Well... it turns out the update adds a new file to users' system32 folder, which is critical to a computer's stable performance, and in doing so inadvertently opened up a backdoor that would let anyone inject potentially malicious code through the game file. It sounds like a tiny detail, but this is the kind of security flaw that could let a hacker or a virus into essential system files, seriously compromising any affected machine. Street Fighter players were, understandably, upset about this.

Capcom quickly pulled the anti-cheating component of update earlier today and issued an apology over Twitter.

To be clear here, there's no chance that Capcom just ~accidentally~ wrote a security update that stuck a new file in system32. This wasn't the result of a bug. A component of the update specifically disables supervisor-mode execution protection meant to block malicious code and the driver has no security level attached to it, meaning any user on the machine can open and control it. In the words of user extrwi, who first outlined much of this in a major thread regarding the update on Reddit subsection /r/Games, "That's bad."

We shouldn't immediately jump to the conclusion that this was all intentionally malicious on Capcom's part -- it needs to crack down on cheaters somehow, and perhaps the coder who implemented this didn't think through all of its implications -- but it's a pretty big misstep, and the best that can be said about Capcom in this case is that it pulled the update quickly.

(h/t Polygon, /r/Games.)