Call of Duty Players Hit by RCE Exploit Enabling Hacks on Other Gamers’ PCs

The Call of Duty team abruptly pulled the PC version of Call of Duty: WWII offline, following reports of a serious and actively exploited Remote Code Execution (RCE) vulnerability.

This move came just days after the popular 2017 title was added to Microsoft’s Game Pass subscription service, a decision that significantly broadened its player base on Windows PCs.

According to security researchers and reports from the Call of Duty community, the vulnerability allows malicious actors to remotely execute arbitrary code on the machines of unsuspecting players during live multiplayer matches.

Multiple victims confirmed attackers were able to open command prompts, send messages through Notepad, initiate forced shutdowns, and even alter desktop backgrounds examples that underscore the severity of the breach.

Most notably, some users reported that their desktops were changed to display explicit content as a form of harassment, highlighting the exploit’s potential for both technical and psychological harm.

Peer-to-Peer Networking

The underlying issue appears to stem from Call of Duty: WWII’s peer-to-peer (P2P) matchmaking architecture, where one player’s machine acts as the temporary multiplayer server.

While efficient for matchmaking, this architecture exposes user systems directly to others, increasing the attack surface for vulnerabilities like RCE flaws.

Unlike console environments, where such exploits are typically contained by stricter system-level controls, Windows PCs remain far more susceptible to remote code execution vulnerabilities in legacy games, particularly when not actively maintained with robust security measures.

The incident has reignited ongoing debates within the gaming community regarding the risks associated with older, multiplayer-driven titles.

Players have long warned of rampant cheating and vulnerabilities within Call of Duty’s historical catalogue on PC platforms, often advising newcomers to avoid certain titles on digital distribution sites like Steam.

Yet the migration of classic Call of Duty games to Game Pass has exposed a new generation of players to these legacy risks.

Questions Surround Activision’s Security Response

Microsoft’s 2023 acquisition of Activision raised expectations for improved security across the publisher’s properties, including the flagship Call of Duty series.

There has been speculation that Activision is preparing updates to its “Ricochet” anti-cheat system as part of a broader security overhaul; however, it remains unclear if these updates will fully address the newly discovered RCE vulnerability in Call of Duty: WWII.

The company has yet to release a detailed timeline or technical explanation for the incident, leaving the player base in limbo as engineers work to patch the flaw.

Meanwhile, the Call of Duty team has advised PC gamers to refrain from playing Call of Duty: WWII on any platform, particularly the Microsoft Store and Game Pass editions, until further notice.

While it is not definitively known whether the Steam version is similarly affected, security experts recommend exercising caution and ensuring all available patches and anti-malware solutions are up to date.

Players are also encouraged to monitor official Activision channels for ongoing updates. This latest incident serves as a stark reminder that even established and previously trusted software can expose users to emerging threats, especially when built on outdated network models.

As the industry continues to blend old and new content through subscription services like Game Pass, the need for proactive security intervention and transparent communication from publishers is more critical than ever.

Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant updates

The post Call of Duty Players Hit by RCE Exploit Enabling Hacks on Other Gamers’ PCs appeared first on Cyber Security News.