Activision Withdraws Call of Duty Game After PC Player Security Incident

Activision has taken the significant step of removing its title shooter, Call of Duty: WWII, from the Microsoft Store and PC Game Pass. The publisher announced on Friday that the game was "brought offline" to investigate "reports of an issue," though the precise nature of the problem was not initially disclosed. This outage specifically impacts PC versions obtained via Microsoft's platforms, with the game remaining accessible on Steam for PC, as well as on Xbox and other consoles.

The decision, though officially unconfirmed by Activision regarding its cause, appears to be a direct response to widespread social media reports from PC players claiming their computers were compromised after playing Call of Duty: WWII. Prominent streamer Wrioh shared a video illustrating the alleged hack, which depicted the game freezing, command line windows appearing, and even the user's desktop wallpaper being altered. A warning message within the hack explicitly stated that Wrioh's system had been "RCEd," indicating a successful remote code execution. Remote code execution (RCE) vulnerabilities are critical flaws that allow attackers to remotely plant and run malicious code, potentially giving them full control over a compromised device.

The timing of these incidents is particularly noteworthy. Call of Duty: WWII was only integrated into Game Pass and the Microsoft Store in June of this year. Reports, including one from TechCrunch, suggest that the versions of the game distributed through Microsoft's channels may have contained an older, unpatched flaw. This specific vulnerability is believed to have been previously addressed in other iterations of the game, implying a discrepancy in the software build provided to Microsoft's platforms.

As of the current time, Call of Duty: WWII has not been restored to the Microsoft Store or PC Game Pass. This ongoing outage underscores the severity of the reported security vulnerability and Activision's commitment to investigating and resolving the issue before making the game available again through these channels. The incident serves as a stark reminder of the continuous challenges faced by game developers and publishers in maintaining robust security across diverse platforms and game versions.

What steps can players take to protect themselves from similar remote code execution vulnerabilities when playing online games, even when a publisher has not yet patched the issue?