On Saturday, the Call of Duty team made a significant announcement regarding the PC version of Call of Duty: WWII, which has been temporarily taken offline due to “reports of an issue.” This issue has been identified as a serious security concern, specifically a remote code execution (RCE) vulnerability that has raised alarms within the gaming community.
Following Microsoft’s acquisition of Activision in 2023, the iconic Call of Duty franchise has gradually transitioned to Xbox and PC Game Pass. However, just days after the 2017 title, Call of Duty: WWII, became available on Microsoft’s subscription service, troubling reports began to emerge. Players discovered they could exploit an RCE vulnerability to gain unauthorized control over other players’ PCs during live multiplayer sessions.
Remote code execution is a critical security flaw that enables attackers to execute malicious code on a victim’s machine without their consent or physical access. The implications of such an exploit are severe, potentially leading to data breaches, system takeovers, and the installation of malware. In this instance, it appears that attackers were leveraging the RCE vulnerability to remotely access other players’ computers during gameplay. Reports indicate that they were able to:
- Open command prompts on victims’ PCs
- Send mocking messages via Notepad
- Force remote shutdowns of players’ computers
- Change desktop wallpapers to display inappropriate content
The Game Pass subscription service, provided by Microsoft Gaming, is primarily affected due to the nature of PC gaming. Unlike consoles, which typically restrict such levels of code execution, Windows PC gamers have found themselves vulnerable to these exploits.
Within the Call of Duty community, the hacking of older titles has become an open secret, with many players opting to steer clear of games available on Steam. The root of the problem likely stems from the multiplayer game’s reliance on peer-to-peer (P2P) networking, where one player’s machine serves as the match’s server, creating opportunities for exploitation.
Speculation surrounds Activision’s efforts to enhance the game’s anti-cheat systems, known as “Ricochet,” in response to the rampant abuse within the title. However, the effectiveness of any forthcoming updates in addressing the RCE vulnerability remains uncertain. Updates will be provided as the situation develops.
What gamers should do
This vulnerability is particularly concerning, as it not only disrupts gameplay but also poses a risk to the integrity of gamers’ entire PCs. The situation underscores the reality that even well-established titles can expose machines to significant risks. While it remains unclear whether the Steam version is affected, here are some recommended precautions:
We don’t just report on threats—we remove them
Cybersecurity risks should never be taken lightly. To keep threats at bay, consider downloading Malwarebytes today.
