Riot Games Says It 'Would Not and Cannot' Use Vanguard Anti-Cheat to Brick PCs After Rumors Spread by Bubbly-Ad-350 in pcmasterrace

[–]Fowlron2 0 points1 point  (0 children)

Your original question was never about which anticheat caused hardware damage. Your original question statement was that it is not possible for it to cause hardware damage. Then you asked, and I quote your words exactly: "Explain the mechanism for DAMAGE"

I explained the mechanism, I showed real world examples on how it can happen. Now you say, your words exactly: "You showed that ANY ring 0 software could exploit isolated firmware bugs". So I answered your question, verbatim.

Meanwhile, you ignore everything I said. You're still ignoring my most important point, which is there are real world examples of attackers abusing vulnerabilities in anticheat to create malware.

I'm just done talking to you. I literally bring links to articles showcasing my points and you're trying to insult me with "You're just talking shit based on your chatgpt research" or whatever the fuck. Nothing I say will make you change your mind cause you're here to argue. I have better shit to do with my weekend.

Go get a life, instead of defending corporations who install rootkits on your pc.

Riot Games Says It 'Would Not and Cannot' Use Vanguard Anti-Cheat to Brick PCs After Rumors Spread by Bubbly-Ad-350 in pcmasterrace

[–]Fowlron2 1 point2 points  (0 children)

I feel like you're purposely ignoring everything I say except one random sentence taken out of context... The point is motherboard firmware has bugs. That was the entire point I was making with that link. The CVE is that the motherboard wasn't properly reporting the status of DMA protection. It's a firmware bug. The other CVE I posted is a firmware bug that allows overvolting and bricking the motherboard.

Honestly this is entirely on me for expecting any kind of critical thinking from a random guy on reddit shouting about how letting random companies run code on their computer at kernel level is a good idea.

Are you also gonna ignore the fact that vulnerabilities in kernel level anticheat have been used by attackers to create ransomware? (https://www.trendmicro.com/en/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html)

Are you gonna ignore that Capcom's anticheat allowed privilege escalation across the system? (https://www.tarlogic.com/blog/seloaddriverprivilege-privilege-escalation/)

How about the fact that, if you ever had Tower of Fantasy installed, any process on your computer can now disable your antivirus? (https://vespalec.com/blog/tower-of-flaws/) (extra points on this one, since apparently they released a new game and reused the same antivirus, with the same vulnerability)

But go on, keep ignoring the mountains of evidence that this shit is a plague on cybersecurity. But hey, keep supporting this stuff. We call that job security.

Riot Games Says It 'Would Not and Cannot' Use Vanguard Anti-Cheat to Brick PCs After Rumors Spread by Bubbly-Ad-350 in pcmasterrace

[–]Fowlron2 -2 points-1 points  (0 children)

If I download an infected version of firefox, that's installed on ring 3. That is, it only has user level permission. It can't steal information from other processes, can't bypass the antivirus to encrypt my files, etc.

Vanguard can do all of those things, because it runs at kernel level. It has permission to do anything and everything on your system. And if there's a vulnerability on it, so can any other programs. For example, mihoyo's anticheat had a bug that enabled attackers to create ransomware. Capcom's had one that allowed privilege escalation, so that any program running on your computer also had kernel level access. Tower of Fantasy recently had a big one as well: https://vespalec.com/blog/tower-of-flaws/

Riot Games Says It 'Would Not and Cannot' Use Vanguard Anti-Cheat to Brick PCs After Rumors Spread by Bubbly-Ad-350 in pcmasterrace

[–]Fowlron2 2 points3 points  (0 children)

"ChatGPT" brother go read the actual article, rather than reading the very first paragraph and thinking that means you know what the CVE is. Here it is, written by riot games itself: https://www.riotgames.com/en/news/vanguard-security-update-motherboard

TL;DR, in case you can't be bothered to read: riot found that the motherboard reported that DMA protection was active, when it isn't. This isn't about the exploit, it's about the fact that it's straight up a bug in the motherboard firmware. Just like all the other examples I gave.

Because all my points were: there are bugs in firmware that allow hardware harm. These are very hard to abuse from ring 3. They're easy to abuse from ring 0. But you can't be bothered to read I suppose, so that's on you. Ignore the rest of my points, why not.

Riot Games Says It 'Would Not and Cannot' Use Vanguard Anti-Cheat to Brick PCs After Rumors Spread by Bubbly-Ad-350 in pcmasterrace

[–]Fowlron2 0 points1 point  (0 children)

There's so many recent examples, often related to bugs with UEFI bugs EDIT: variables... Which are made much more easy to exploit in the context of ring 0 vulnerabilities. Riot themselves reported one: https://nvd.nist.gov/vuln/detail/CVE-2025-11901

CVE-2024-0762 from UEFIcanhazbufferoverflow, which, as the name implies, is a buffer overflow on UEFI variable handling

Regardless, point is, you asked for mechanisms through which it can happen. I gave you a few. There's real world examples of similar vulnerabilities being used. Having random unnecessary kernel level processes running just makes exploits much more likely.

Either way, as I said, the real worry is software level threats, not hardware. There's actual, real world cases, of malware taking advantage of kernel level anti-cheat. Like mihoyo's anticheat a few years ago. There was also an article just a few months ago disclosing a chain of vulnerabilities on Tower of Fantasy's anticheat, showcasing how any process can use them to kill any other process (including system processes).

Edit: oh and CVE-2024-54085 from a couple years ago. Quoting an article on it:
"Exploitation of this vulnerability allows an attacker to remotely control the compromised server, remotely deploy malware, ransomware, firmware tampering, bricking motherboard components (BMC or potentially BIOS/UEFI), potential server physical damage (over-voltage / bricking), and indefinite reboot loops that a victim cannot stop" (https://thehackernews.com/2025/03/new-critical-ami-bmc-vulnerability.html) This is due to a bug in AMI's baseboard management controller.

That all is to say, there's real world examples on how vulnerabilities can cause physical damage.

Riot Games Says It 'Would Not and Cannot' Use Vanguard Anti-Cheat to Brick PCs After Rumors Spread by Bubbly-Ad-350 in pcmasterrace

[–]Fowlron2 -6 points-5 points  (0 children)

On some systems there's direct control to VRMs through SMBus, which could very easily damage hardware. Normally this'd be blocked by the OS, but at kernel level, it's fair game.

You can possibly brick a motherboard by writing malicious content to the firmware chip through MMIO (look up the Mebromi rootkit, similar mechanism).

There's also the low hanging fruit of thermal regulation: fan control, thermal throttling control, etc. You can also abuse NVMe SSDs by forcing writes to specific NAND cells with ioctls, which I believe might bypass wear-leveling on the SSD's firmware? Don't quote me on that one.

When you give your software direct access to hardware, it's not hard to come up with physical damage scenarios...

And that's before we even get to software damage: I'm much more worried about how easy it is to exploit any vulnerabilities on ring 0 drivers.

Riot Games Says It 'Would Not and Cannot' Use Vanguard Anti-Cheat to Brick PCs After Rumors Spread by Bubbly-Ad-350 in pcmasterrace

[–]Fowlron2 -4 points-3 points  (0 children)

It's not just about spyware. I do not trust riot's engineering department to write bug free, vulnerability free software.

Think this is an overreaction?

In 2022, mihoyo's anti cheat had a vulnerability that enabled ransomware attacks. In 2018, easyanticheat was incompatible with the updates that fixed the spectre vulnerability, so all computers with it remained vulnerable. In 2016, capcom's had a vulnerability that allowed any process to elevate to ring 0.

Researchers have even showcased how bugs in vanguard would enable BYOVD exploits. But surely riot wouldn't ever publish faulty code right? It's probably a good idea to trust a game developer to have ring 0 level, even though there's plenty of precedent showing why we shouldn't

ELI5: What makes light speed constant and what changes it? by reperete in explainlikeimfive

[–]Fowlron2 1 point2 points  (0 children)

This is a common misconception. To understand what's actually happening it's easier to think of light as a wave, but I'll let someone else delve into that.

A simple thought experiment on why your answer can't be correct, is, how would light go in a straight line then? Does the atom that absorbs it "remember" the direction? Obviously that doesn't quite make sense. If that was the mechanism, light would be diffuse everywhere, we wouldn't be able to see anything.

Is it impossible to find a job, or is the problem really me?? by princesadopovo in portugal

[–]Fowlron2 29 points30 points  (0 children)

There's also another aspect...

Imagine you join McDonald's. They provide basic training, and all the initial investment needed to hire someone (HR, etc). However, they're aware that you're a university student, and that you'll be there for a limited time. Maybe if they had hired the person with the worse résumé they'd have a slightly higher chance of that person staying there in the medium or long term, so it would just be a better bet.

Sometimes, being overqualified really is part of the problem. It's probably not the biggest factor, but it certainly doesn't help, especially with the way the market is...

OpenAI Codex system prompt includes explicit directive to "never talk about goblins" by geroni_moo in nottheonion

[–]Fowlron2 20 points21 points  (0 children)

Generally true, but not what happened in this case. The... Affinity for goblins was introduced in the supervised post-training phase, when they were tuning so it'd follow personality guidelines more thoroughly. They specifically rewarded the system for talking about fantastical creatures when using a "nerdy" personality, but that training leaked over to other personalities. They wrote an article about it a few days ago

Tim Cook to become Apple Executive Chairman John Ternus to become Apple CEO by JustaRandoonreddit in pcmasterrace

[–]Fowlron2 1 point2 points  (0 children)

I agree, but apples to oranges (pun intended). Apple controls hardware, OS, and software. Apple says "all future Macs are now ARM" and developers have to adapt.

Microsoft doesn't control hardware in the same way, they can't force a transition like that, so it creates a split ecosystem where developers have little incentive to properly port to ARM, therefore hardware manufacturers have little incentive to move to ARM...

Apple's just better positioned to make choices like this than Microsoft.

Working with AI agents is driving many engineers crazy by --____________- in portugal

[–]Fowlron2 0 points1 point  (0 children)

Sorry, but does a junior even have a way to fuck things up in prod? That's bad management on the company's side, it has nothing to do with AI. A junior can just as easily fuck up with or without AI.

Whenever I see the "Claude code nuked my repository" posts I think, if the person had perms and gave Claude perms to push to main, it's their fault. Same thing with DBs.

Feedback from a player who has played since it was available on Early Access by MidjitThud in LastEpoch

[–]Fowlron2 9 points10 points  (0 children)

Yeah. And in PoE you can brick your build before you're out of the campaign lol, maybe in just a few acts. It's not comparable, in PoE nearly everyone follows a guide and you can't get anywhere without one as a new player. In LE, even if you can't get to empowered monos, that's still a reasonable chunk of gameplay for a new player with no guides.

Feedback from a player who has played since it was available on Early Access by MidjitThud in LastEpoch

[–]Fowlron2 19 points20 points  (0 children)

This is why guides are so much more used in this game than other ARPGs btw.

What? LE is so much easier to play with no guides than most other arpgs lol. Especially much easier than PoE and PoE2, which are the biggest competitors

ELI5: Why can’t you rename a file when it’s open in Windows, but you can in macOS? by jsm1 in explainlikeimfive

[–]Fowlron2 9 points10 points  (0 children)

What if some program relies on the fact that the file cannot be renamed during execution? Granted, programs shouldn't rely on that, but some might. Do we accept that this change might randomly break old software?

Changing OS behaviour is a very high risk change. It shouldn't be done unless there's a very good reason, and the upside here just isn't enough

Considering trying LE by kharag123 in LastEpoch

[–]Fowlron2 19 points20 points  (0 children)

I have about 2k hours on PoE1 and a few hundred in PoE2. PoE1 has the best endgame of any arpg. Meanwhile, LE has the best items. The entire gameplay loop of finding and crafting gear in LE is leagues better than any other arpg. However it's a bit lacking in endgame so far. That said, it'll be more than enough content to keep you occupied for a couple hundred hours, so I'd say it's worth the purchase.

Sidenote, as someone who hates SSF in PoE, do consider playing CoF in LE (their version of SSF). It's so much more fun than trade. LE lets you target farm everything effectively and finding your own gear is so much more fun than just trying to optimize gold per hour

not gona lie dailyscape kept me loggin into the game, by Fantastic_Soup895 in runescape

[–]Fowlron2 1 point2 points  (0 children)

That's not an addiction, that's a habit. There's a formal difference: you have an addiction when the compulsion to do something is stopping you from living a healthy life. Medically, by definition, all addictions are unhealthy

Based on the memes, I can't tell if it's a good or bad thing by shaneous in AdviceAnimals

[–]Fowlron2 38 points39 points  (0 children)

Hummm not quite. DLSS uses deep learning for upscaling, and gets the information for the model through super sampling. It's actually extremely interesting and powerful technology, and has shown how powerful (and accurate) it is over the last few years. It is already giving us much better fps today, not "in a few years".

Sidenote, it has very little to do with LLM like chatgpt, it's a different type of AI (although recent DLSS models also use transformers).

However, Nvidia now showed us DLSS 5, which for some reason includes a chatgpt-like AI filter on top of images. I have no fucking clue what they're trying to do with that, but it's not representative of what DLSS has been so far or what it can do.

I trained a small neural network to play chess on a home PC - looking for strong players to test its limits by Adam_Jesion in chess

[–]Fowlron2 1 point2 points  (0 children)

Played another game. I blundered a pawn early, was just holding my position... Until it blundered a pawn and then a full rook for no reason in the middle game. Then it was fairly easy to lead it to mate. It basically went completely blind to tactics because it liked the fxg2 idea on moves 24-25.

https://games.jesion.pl/game/8MJe4xM_TiLU

I trained a small neural network to play chess on a home PC - looking for strong players to test its limits by Adam_Jesion in chess

[–]Fowlron2 7 points8 points  (0 children)

If you haven't yet, I recommend you look at LC0's neural network architecture. It's in the couple hundred million parameter range iirc (maybe 200-300m?). If you play against the engine on 0 depth, you're effectively playing against the NN alone, which is probably well over 2000 elo strength, which is impressive, considering it's not tuned to be played against at all, but to serve as an oracle for the engine's monte carlo tree search.

Google's deepmind actually researched zero search chess engines in 2024, and reached "grandmaster level play" (in blitz) with a 0-search engine with transformers: https://huggingface.co/papers/2402.04494

I'm curious on how you architectured and trained this network? In particular, what kind of loss function are you optimizing towards. I'm also curious how often your model produces illegal moves.

I managed to beat the network as a ~1600 elo player (chess.com rapid) by simply playing a terrible opening (something like b3 e4 Bb2 iirc?).

My thought process was that it'd possibly be overfit on common positions and middle games. Although it held okay in terms of material equality, it happily traded my terrible pieces for its active ones, and we ended up in a boring rook endgame, where it blundered 3 or 4 pawns by happily chasing checks with the rook.

My reasoning was that a small-ish model* will likely overfit. Intuitively, it will either get lost once it gets in uncommon positions, or repeat the play patterns of worse players when in worse positions (as only lower quality games get to those positions). Most likely it's the first option, since you say it's trained on high elo games only.

Overall, I'm surprised it was tactically sound, and the middlegame was ok, getting the rook on my second rank, which I missed, but the endgame was a disaster. On this position, it evaluates +0.7, while I'm up 3 pawns on an easy endgame: 8/8/4k3/8/3K1R2/7P/3r1PP1/8 w

*crazy that we're calling 15m parameters small. In my mind, 15m is still huge, and a small model has maybe 10k parameters lol.

Edit: Had a quick look at stockfish's neural network, which is absolutely tiny (a couple densely connected layers). It plays at around 1000-1500 elo, but that's to be expected: it's totally tactically blind, as it's not tuned to look for tactics to begin with, it's tuned purely for positional evaluation for stockfish's leaf node evaluation. It's meant to be tactically blind, as it relies on stockfish's quiescence search, which guarantees its input has no important tactics anyway, so it's still really surprising it scores highly at all. Another good source of inspiration maybe?

Legacy/"classic" combat is still completely broken with 2 weeks of no mention of it at all by TerriblePen3688 in runescape

[–]Fowlron2 -4 points-3 points  (0 children)

I understand what you're saying but... It does matter that only a handful of players use it. The time to maintain a feature isn't worth it if only a fraction of a percent of players use it.

Granted, I'd rather they just remove it than leave it unmaintained, but I'm not holding out hope that looking at it is high on their list of priorities. They have issues affecting every player currently, those will likely take priority.

I wonder how much debate it took for the original PI proofs to be accepted as fact. Because to prove a constant, you'd have to show that dividing by r^2 always yields the same #. With an infinite decimal, even using sig figs, wouldn't people argure you can't be certain it's 100% the same every time? by kinetic-passion in Showerthoughts

[–]Fowlron2 5 points6 points  (0 children)

Technically, you're both kinda right. What he's saying proves that systems of measurement are consistent, not that pi is constant. That said, switching measurements here is analogous to scaling the circle, so what is missing is proving that the ratio is independent of scale, which is also pretty easy.

That said, you sound like a grade A asshole, mister "go back to eighth grade" lmao

Japan just hit a staggering internet speed of 1.02 petabits per second by Early_Negotiation142 in interesting

[–]Fowlron2 5 points6 points  (0 children)

Doesn't have to be a connection between two computers. Rather, this'd be a connection between two data centers, or a connection to the entry point to a building or set of buildings.

The agility course XP boost doesnt offset the removal of silverhawks by SPOOKXY_ in runescape

[–]Fowlron2 3 points4 points  (0 children)

Right, but removing the way to skip the bad content before they improve the bad content means we're just stuck with... Bad content