Activision has taken the PC version of Call of Duty: WWII offline following reports of a critical remote code execution (RCE) vulnerability that surfaced shortly after the game was added to Microsoft’s Game Pass service. The issue reportedly allows attackers to gain remote control of other players’ PCs during multiplayer sessions.
Critical Exploit In Call of Duty: WWII
As explained by security company Malwarebytes, RCE vulnerabilities are particularly dangerous because they enable malicious actors to run malicious code and control victim’s machine without their knowledge or permission. In this case, attackers allegedly exploited the flaw during the game’s multiplayer session to execute actions including opening command prompts, sending mocking messages via Notepad, initiating remote shutdowns, and even altering desktop wallpapers to display explicit content.
So far, the exploit appears to affect only PC players, as console systems typically do not grant this level of access in the first place. The vulnerability was discovered just days after the 2017 title became available on Game Pass, prompting publisher Activision to take the game offline for investigation. It has been speculated that WWII’s multiplayer system – which relies on P2P (peer-to-peer) connections – may be a factor at play here.
While Activision didn’t officially clarify its reasoning behind temporarily shutting down the online components for the Microsoft Store version of the game (while the Steam version is still up), it’s widely believed that fixing this RCE exploit may be the reason behind this vague announcement. No update has been made since then, so PC players may want to hold off accessing this game until the patch is ready.
Pokdepinion: That’s a nasty bug for sure.
