Call of Duty: WWII taken offline after RCE vulnerability let hackers take over PCs

Over the weekend, the Call of Duty team at Activision Blizzard announced that the PC version of Call of Duty: WWII on the Xbox App (recently made available as part of Xbox Game Pass) was taken offline so it could "investigate reports of an issue." The issue? A remote code execution (RCE) vulnerability has been discovered in the game.

A serious issue allows hackers to gain remote access to a PC running Call of Duty: WWII on PC, specifically the version available via the Xbox App or Microsoft Store, and take control. As seen in the social media post above and other reports of the vulnerability, hackers have primarily been exploiting the flaw as a means to harass or troll gamers and streamers.

From opening the command prompt to sending messages in Notepad, changing desktop wallpapers, and shutting down PCs, this exploit has led to numerous cases of PCs being hijacked by hackers. In some extreme cases of trolling, hackers have also been changing the desktop wallpaper of Call of Duty gamers to display gay porn.

This issue is specific to the PC version of the game and is related to ongoing problems with Call of Duty's peer-to-peer (P2P) networking, particularly in terms of security. RCE is right up there in terms of risk and damage, as it enables someone to execute malicious code without being detected. This can lead to data theft and the installation of malware.

The news of these attacks arrives only days after the game was added to the PC Game Pass library, and as of writing, Activision and the Call of Duty team haven't released a statement outlining the cause of the vulnerability and the extent of its potential damage, beyond changing someone's desktop wallpaper. In the meantime, it's probably best to avoid Call of Duty: WWII on PC until a resolution is reached and the online safety of gamers can be guaranteed.