Call of Duty: WWII has been pulled offline after reports of a serious remote code execution vulnerability that allowed malicious players to take complete control of other gamers’ computers during live multiplayer matches.
On Saturday, the Call of Duty development team announced that the PC version of Call of Duty: WWII had been taken offline following “reports of an issue.”
What initially appeared to be a routine technical problem has since been revealed as a critical security vulnerability that put thousands of PC gamers at risk.
The issue centers around a remote code execution (RCE) exploit that allowed attackers to run malicious code on victims’ machines without their consent or physical access.
This vulnerability became particularly problematic just days after the 2017 title arrived on Microsoft’s Game Pass subscription service, following Microsoft’s acquisition of Activision in 2023.
Hackers Wreaking Havoc During Live Games
Reports from affected players paint a disturbing picture of the exploit’s capabilities. During live multiplayer matches, malicious players were able to remotely access other participants’ computers and execute a range of invasive actions.
Victims reported that attackers were opening command prompts on their PCs, sending mocking messages through Notepad, forcing remote shutdowns of their computers, and even changing desktop wallpapers to display inappropriate content.
The vulnerability exclusively affects Windows PC gamers, as console systems generally don’t allow this level of code execution.
This technical limitation means that only players accessing the game through platforms like Game Pass and potentially Steam were at risk.
Peer-to-Peer Network Architecture Creates Security Gap
The root of the problem appears to lie in Call of Duty: WWII’s reliance on peer-to-peer (P2P) networking for its multiplayer matches.
In this system, one player’s machine acts as the server for the entire match, creating potential entry points for malicious actors to exploit vulnerabilities in other players’ systems.
This security flaw isn’t entirely surprising to the Call of Duty community, where the hacking of older titles has become something of an “open-air secret.”
Many experienced players have long avoided playing legacy Call of Duty games on Steam due to similar security concerns.
Activision’s Response and Future Updates
There is considerable speculation within the gaming community about Activision’s plans to update the game’s anti-cheat system, known as “Ricochet,” as the title has been increasingly plagued by various forms of abuse.
However, whether and how this update will address the specific RCE vulnerability remains unclear.
What Players Should Do
Security experts and gaming communities are urging players to take immediate precautions while waiting for an official patch.
The recommended steps include avoiding Call of Duty: WWII on PC entirely, particularly the Microsoft Store and Game Pass versions, until Activision releases a comprehensive security update.
Players should also ensure their systems are protected by installing security updates promptly, maintaining active anti-malware software, and monitoring official Activision channels for updates on the fix.
This incident serves as a stark reminder that even established gaming titles can pose significant security risks to players’ entire computer systems, extending far beyond mere gameplay disruption into the realm of serious cybersecurity threats.
Investigate live malware behavior, trace every step of an attack, and make faster, smarter security decisions -> Try ANY.RUN now
