Overview

• Since July 5, the Microsoft Store/Game Pass edition of Call of Duty: WWII has remained offline as Activision investigates a remote code execution vulnerability and provides no timeline for its return.
• The game’s Steam and Battle.net editions remain accessible and show no signs of the same security flaw.
• Hackers have used the exploit to freeze gameplay, launch Notepad pop-ups, force system shutdowns, and replace desktop wallpapers with explicit or trolling imagery.
• Security experts from VX-Underground, Invicti, and Malwarebytes warn that attackers could leverage the flaw to deploy information stealers, remote administration tools, or ransomware.
• Analysts say the incident underscores risks of migrating older titles with outdated engines and limited anti-cheat measures onto subscription services.