.png){kind=logo}
Activision has removed the Microsoft Store and Game Pass versions of Call of Duty: WWII due to concerns over hackers infecting players’ PCs. Initially, the company stated that it was "investigating an issue," but insiders indicate that a security breach prompted this action.
According to a report by TechCrunch, hackers exploited a Remote Code Execution (RCE) vulnerability, allowing them to infect users directly within the game. This vulnerability allowed the execution of malicious code without requiring any user action.
The exploit was silent. Victims did not have to click on anything or download files. Simply connecting to a multiplayer session was sufficient. Once logged in, attackers could hijack systems, steal data, or inject malware.
Warning from one user on Reddit: “It’s not safe to play the game on PC currently. There is an RCE exploit.” Several others corroborated with similar experiences.
These two versions were recalled because they employed outdated code that had not been correctly patched. The Steam version was based on another build that already fixed the vulnerability.
Although all versions are titled the same, they are distinct from one another. That lag in updates left Microsoft Store/Game Pass versions vulnerable, leading Activision to remove them from sale as a precaution.
Yes, and not once. Activision has repeatedly suffered from cybersecurity problems in the past few years:
In 2024, a hacker exploited the anti-cheat system to unfairly ban honest players.
Earlier that same year, attackers exploited infostealer malware to steal from players and obtain their passwords.
In 2023, Modern Warfare players were infected by a self-replicating worm thanks to another unpatched vulnerability.
Each of the incidents involved neglected vulnerabilities, many of which were in game code that was months or even years old and still in circulation.
Insiders disagree. While other game developers are increasing cybersecurity spending, Activision has had repeated rounds of layoffs. Some of those directly impacted its security and anti-cheat teams.
That has raised eyebrows on whether the company is staying on top of the changing threats facing online games.
Activision has not responded to repeated requests so far. The affected versions remain offline, with no information available on when or if they will be restored.
This is not just about a single game. Call of Duty: WWII’s situation illustrates a greater problem in gaming: unpatched legacy code can unlock perilous doors. As older titles are remastered or made available on services like Game Pass, businesses must treat security as an ongoing concern. It should not be viewed as a one-time fix that developers can forget afterward.
Players deserve more support and quicker responses when threats arise. Activision is currently under pressure to address this issue. Fans are urging the company to show its commitment to long-term player safety.
