Activision has quietly taken down the Microsoft Store version of Call of Duty: WWII after hackers exploited a critical security flaw, which reportedly led to several players having their PCs compromised
The game, originally released in 2017, was recently re-launched on Microsoft’s platform and included with Xbox Game Pass — a subscription service that offers access to a library of games. Last week, Activision announced it had taken this version of Call of Duty: WWII offline due to “reports of an issue,” but didn’t elaborate on the specifics.
Now, a source with direct knowledge of Activision’s internal response tells us the real reason: a vulnerability in that particular PC build was being actively exploited by hackers. While Activision works to fix the flaw, the game remains unavailable to Game Pass and Microsoft Store users. The individual spoke on condition of anonymity, as they were not authorized to speak publicly.
Reports began surfacing on social media and gaming forums, with several players claiming they had been hacked while playing the game. On Reddit, one user warned:
“The game is not safe to play on PC right now, there’s an RCE exploit.”
That’s short for remote code execution, a serious type of vulnerability that can let hackers run malicious code on someone’s system — often without any action on the victim’s part. This kind of exploit can be used to install malware, steal personal data, or take full control of a computer.
So far, Activision has not publicly commented on the hack, nor responded to multiple requests for clarification. According to two sources, the Microsoft Store and Game Pass versions of Call of Duty: WWII differ from the Steam version. While Steam’s version had previously been patched, these newly re-released versions reportedly still carried an old, unpatched bug — the same one now at the center of this security mess.
At the time of publishing, the game is still offline, according to Activision’s own status page.
This isn’t the first time the publisher has had to deal with cybersecurity concerns. In 2023, hackers exploited a years-old bug in Modern Warfare to spread self-replicating malware among players. Then in early 2024, a wave of targeted attacks using infostealer malware hit Call of Duty players. And in November 2024, a hacker discovered a flaw in Activision’s anti-cheat system that let them wrongfully ban thousands of real users.
Despite these repeated incidents, Activision has seen several rounds of layoffs over the past few years — some of which, according to reports, hit the company’s cybersecurity teams directly.
As the video game industry faces increasingly sophisticated cyberattacks, some publishers have stepped up their investment in security. But in Activision’s case, the recent history raises tough questions about whether enough is being done to protect players.
Also Read : Fortnite Maker Epic Games Settles Antitrust Dispute with Samsung
