Overview

• A remote code execution vulnerability in the Xbox PC Game Pass release allows attackers to run arbitrary code and seize control of players’ computers.
• Activision removed the Game Pass version on July 5 after acknowledging an “issue” via its Call of Duty Updates channel on July 4.
• Players shared footage of Notepad pop-ups, forced shutdowns and unsolicited desktop images during online matches as proof of the exploit.
• Steam and Battle.net editions of Call of Duty: WWII continue to operate, underscoring risks unique to integrating older titles into subscription services.
• Activision has provided no technical breakdown or patch schedule for the flaw, drawing criticism over its limited disclosure.