Activision has pulled the PC Game Pass version of Call of Duty: WW2 offline while it investigates an unspecified “issue” some reports claim is a remote code execution exploit that’s left some players grappling with app pop-ups, PC shut downs, and even screens full of pornography.
Call of Duty: WW2 made its PC Game Pass debut at the end of June, but the celebrations were short-lived. The shooter has now been taken offline, affecting both the Game Pass and the PC Microsoft Store release, but not those available elsewhere, including Steam and Battle.net.
As to why this has happened, Activision’s official response is vague, only saying the game was “brought offline while we investigate reports of an issue”. However, there’s evidence from the community that the newly released version of Call of Duty: WW2 may be vulnerable to remote code execution exploits, enabling an attacker to run malicious code on a player’s PC.
Call of Duty streamer Wrioh, for instance, posted to social media with claims of being “hacked”. An accompanying video showed their gaming session being interrupted by a pop-up text window proclaiming to have “just RCE’d your ass”, before it’s revealed Wrioh’s desktop wallpaper has been changed to an image of a beaming lawyer.
In another post, the VX-Underground malware and cybersecurity research collective (thanks PC Gamer) shared additional images of a purported CoD: WW2 RCE attack, including an in-game error message featuring the phrase, “Your PC is now mine”. In an accompanying message, VX-Underground referenced an “unpatched RCE exploit” and claimed, “Someone is trolling gamers with Notepad pop ups, PC shutdowns, and gay pornography.”
VX-Underground member Smelly then provided an “educated guess” as to what’s happening in Wrioh’s video. “The concern in this particular case,” they summarised, “is that this means an attacker is capable of deploying information stealer malware, a RAT (remote administration tool), or ransomware. Thankfully, it appears this attacker is primarily interested in memeing and fucking with people.” There’s a little more technical detail in the full post.
Call of Duty: WW2 for PC Game Pass and the Microsoft Store has now been offline since the weekend, with no sign of its imminent return and no update from Activision. While RCE vulnerabilities have been associated with numerous other games in recent years, including Nintendo’s Mario Kart 8 and Valve’s Counter-Strike: Global Offensive, perhaps the most notable example is FromSoftware’s Dark Souls series. It took over ten months for Dark Souls Remastered’s online support to be restored after being pulled in 2022, so Call of Duty: WW2 fans will likely be hoping for a speedier resolution. We’ve asked Activision for comment.