Critical Security Breach Hits Call of Duty: WWII on PC – What Happened, How to Stay Safe, and What’s Next

The gaming community was rocked this week by a severe security breach affecting the PC version of Call of Duty: WWII, particularly for players accessing the game through Xbox Game Pass.

Just days after the 2017 title was added to the service on June 30, 2025, reports of a Remote Code Execution (RCE) exploit flooded social media, prompting Activision to pull the game’s PC servers offline. This incident has raised serious concerns about the safety of older games on modern platforms, leaving players wondering how this happened, how to protect themselves, and what’s next for the title.

What Happened in the Microsoft Store and Game Pass Call of Duty: WWII Version?

Let’s break it down. The issue centers around a critical RCE vulnerability in Call of Duty: WWII’s PC version, specifically affecting the Xbox Game Pass and Microsoft Store editions.
An RCE exploit allows attackers to remotely execute malicious code on a victim’s computer, potentially granting them near-total control.
Players reported alarming incidents during multiplayer matches, including:

Notepad taunts: Hackers opened Notepad on victims’ PCs, typing mocking messages like “just RCEd your ass” or referencing an entertainment law firm , Mitchell Silberberg & Knupp LLP on your PC.

System disruptions: PCs were forcibly shut down, or desktop wallpapers were changed, sometimes to explicit content.

Gamertag spoofing: Attackers mimicked players’ Gamertags to kick them from lobbies or harass them further.
Potential data theft: Cybersecurity experts warned that this exploit could allow hackers to install malware, ransomware, or data-stealing tools, though most reported cases involved trolling rather than severe damage.

When did the attack on Call of Duty: WWII happen?

The issue surfaced on July 2, 2025, shortly after the game’s Game Pass launch, which saw a surge in players revisiting the WWII-themed shooter. By July 5, Activision announced it was taking the PC version offline to investigate an unspecified “issue,” later linked to these RCE attacks. Social media posts from players, including prominent streamers like BAMS and content creators like TDAWG, amplified the warnings, with some sharing screenshots of hacking tools allegedly used to trigger these exploits.

How Does Something Like This Happen?

The root of this vulnerability lies in Call of Duty: WWII’s outdated peer-to-peer (P2P) networking system, a common feature in older games. Unlike dedicated servers, where all players connect to a centralized server managed by the developer, P2P systems rely on players’ machines to host matches.
This setup, while cost-effective for publishers like Activision, is inherently less secure. Attackers can exploit vulnerabilities in the game’s code to send malicious packets through the P2P connection, enabling them to run code on other players’ PCs.

Older Call of Duty titles, including Black Ops II and Modern Warfare 2 (2009), have faced similar issues due to neglected security updates. WWII, despite being only eight years old, appears to have been re-released on Game Pass without sufficient security patches, a problem exacerbated by its aging codebase and lack of modern anti-cheat measures. Activision’s Ricochet anti-cheat system, has been effective in newer titles but seems inadequate for older games like WWII.
Cybersecurity researchers, such as those from Malwarebytes and VX-Underground, noted that such vulnerabilities are an open-air secret in the Call of Duty community, particularly for titles on P2P networks.

The recent wave of layoffs at Microsoft-owned studios, including Sledgehammer Games (the developer of WWII), may have further strained resources for maintaining legacy titles, potentially contributing to this oversight.

How to Stay Safe?

If you’re a PC gamer eager to play Call of Duty: WWII or other older CoD titles, here are steps to protect yourself until a fix is confirmed:

Avoid Playing Online: Refrain from joining multiplayer lobbies in Call of Duty: WWII on PC, especially via Xbox Game Pass or the Microsoft Store. The campaign mode is likely safe, as it doesn’t rely on online connectivity.

Use your Anti-Malware Software: Use your anti-malware tools to detect and block potential threats. Regularly scan your system if you’ve played the game recently.

Monitor Your System: Check for unusual activity, such as unauthorized logins, strange pop-ups, or altered files. Tools like Wireshark or SIEM can help track network packets if you’re tech-savvy.

Enable Two-Factor Authentication (2FA): Secure your Activision, Steam, or Microsoft accounts with 2FA to prevent account theft, a common issue in older CoD games.

Consider Console Play: The RCE exploit is exclusive to the PC version, as consoles have stricter security protocols that limit code execution. If possible, switch to Xbox or stream via Xbox Cloud Gaming on Gamepass for a safer experience.

Uninstall Temporarily: If you have WWII installed, consider uninstalling it until Activision confirms a patch to avoid accidental exposure.

Stay Updated: Follow official Activision channels and check our Gamersuniverse News Page for updates on a fix. Avoid playing until a patch is explicitly announced.

If you suspect your PC was compromised, immediately disconnect from the internet, run a full system scan with anti-malware software.

What’s Next?

Activision has not provided a detailed statement beyond confirming that the PC version of WWII is offline for investigation. The company is likely working on a patch to address the RCE vulnerability, but no timeline has been shared. Given the severity of the exploit, a hotfix is expected soon, as the game’s recent Game Pass addition has drawn significant attention.

However, this incident raises broader questions about the security of legacy Call of Duty titles. With Microsoft’s acquisition of Activision Blizzard in 2023, more classic CoD games are expected to join Game Pass, including titles like Infinite Warfare and Black Ops. The community is concerned that similar vulnerabilities in other older titles could expose players to risks if not addressed proactively.

Activision may need to overhaul its approach to securing older games, potentially by transitioning them to dedicated servers or implementing modern anti-cheat systems. Transparency is also critical, players have expressed frustration over Activision’s vague communication and a clear statement on the issue’s scope and resolution timeline would help rebuild trust.

Final Thoughts

The Call of Duty: WWII RCE hack is a stark reminder of the risks associated with older online games, especially those relying on outdated P2P networking. While the exploits reported so far have been more about trolling than catastrophic data theft, the potential for serious harm (like malware or ransomware) cannot be ignored. For now, PC players should steer clear of WWII’s multiplayer mode, prioritize system security, and keep an eye on Activision’s updates.

This incident underscores the need for developers to prioritize security and updates for legacy titles, especially when re-releasing them on platforms like Game Pass.
As Call of Duty continues to expand its presence on modern services, Activision must ensure that nostalgia doesn’t come at the cost of player safety.

Stay vigilant, and let’s hope for a swift resolution so we can return to the beaches of Normandy without fear of a digital invasion.
Have you been affected by this hack, or are you holding off on playing WWII?
Share your thoughts in the comments below!

Keep the adventure going! Check out our latest posts for more tips, reviews and gaming news here: Gaming

Picture Source: Activiosn