
Yes, installing Call of Duty WWII from Game Pass could let hackers control your PC. Here’s what you should know about the exploit and why it’s so dangerous.

Game Pass Security Concerns – Call of Duty WWII RCE Exploit

Call of Duty: WWII recently joined Game Pass and was a welcome sight until people realized that their systems were being compromised by hackers.

It’s safe to assume that both Activision and Microsoft knew about the issue, yet the game was still allowed on Game Pass.

"The game is not safe to play on PC right now, there's an RCE exploit" (Reddit post by u/spluad in WWII)

After a week, the game in question, along with several others, was taken down from Game Pass until further notice.

At the time of writing, there had been no Activision response explaining why the games are unavailable. However, we can safely assume the issues are connected. It’s hard to say whether Activision or other related companies will finally look into it and patch the holes; it’s not the first time, and a lot of the issues from the Steam version of most CoD games from before 2019 were known for years.

The exploit is related to the PC Game Pass version of the game; no need to panic if you’re on console.

What is an RCE Attack?

RCE stands for Remote Code Execution. In simple terms, it means that a hacker gains the ability to remotely run malicious code on their victim’s system in real time without the victim’s knowledge or permission.

How Do RCE Attacks Happen?

To prepare and execute an RCE attack, hackers often exploit vulnerabilities that exist on the victim’s side to bypass security measures. This could be an operating system that is out of date, or an old game or piece of software that no longer receives security updates but still allows online connectivity. Hackers may target those specific weak points and obtain the ability to execute any code on the victim’s machine.

"Microsoft have decided that the RCE does not violate their terms" (Reddit post by u/spluad in WWII)

When a game has online features but goes offline due to its age or lack of interest from the players, it’s not uncommon for that game to retain its peer-to-peer capabilities to allow players to create their own servers and keep playing with others long after the official servers are dead. However, this leads to potential risks, as the game doesn’t receive any security updates anymore, and thus, any newly discovered vulnerabilities may lead to exploitation in the future.

Cybersecurity in Gaming – How to Stay Safe from RCE Exploits?

In general, all you need to do to prevent RCE attacks is to keep your system and applications updated.

Unfortunately, the CoD WWII exploit is related to legacy game vulnerabilities, and there’s not much you could’ve done to prevent hackers from causing harm, which is why this specific case of RCE was particularly dangerous and concerning.

A possible workaround is to use something like the Plutonium Project or AlterWare – community-driven initiatives that make playing old CoD games online relatively safe, as it’s done through dedicated servers. Newcomers to CoD WWII who got the game on Game Pass couldn’t have possibly known this, though, and so they were put at risk due to negligence from Activision and Microsoft.

Conclusion

Activision wasn’t particularly interested in updating their old games, including the pre-2019 Call of Duty series, so it would be wise to stay away from them, unless you’re planning to exclusively play a single-player campaign. Even then, it’s advised to disable the internet connection during play.