Call of Duty: WW2 Removed from PC Due to Remote Code Exploit, Causing Annoying Notepad Pop-ups, System Shutdowns, and Lawyer Desktop Wallpaper
A serious remote code execution (RCE) exploit has been discovered in the Xbox PC version of Call of Duty: WWII, leading to widespread reports of gamers' PCs being hijacked during live multiplayer matches. This security flaw allows attackers to run malicious code on victims' computers without their consent or physical access, exploiting vulnerabilities in the game's peer-to-peer networking system.
The RCE vulnerability, which came to light shortly after the game was added to Microsoft’s PC Game Pass, has been linked to the game's outdated anti-cheat mechanisms and reliance on peer-to-peer networking, making the PC versions more vulnerable. Affected players have reported various trolling incidents facilitated by the exploit, including opening command prompts on victims' PCs, displaying mocking messages via Notepad pop-ups, forcing remote shutdowns of computers, and changing desktop wallpapers to inappropriate images.
Activision has since taken the PC Game Pass version of the game offline to address the issue, though the precise timeline and fixes, including any updates to the anti-cheat system "Ricochet," remain uncertain. While no reports have surfaced about permanent damage beyond trolling and inconvenience, the exploit is considered highly dangerous as it could potentially lead to more severe attacks such as data breaches or malware installation.
VX-Underground, a white hat group, has analysed the RCE exploit and believes it could potentially deploy information stealer malware, a Remote Administration Tool (RAT), or ransomware. User @LasagneManne claims to have been offered the opportunity to buy the RCE exploit, further highlighting its potential danger.
Gamers, particularly those on the Xbox PC Game Pass, have expressed their dissatisfaction with the RCE exploit, with streamer Wrioh posting a video showing their game freezing, dialogue boxes appearing, and their desktop wallpaper being changed. Rich Stanton, a seasoned games journalist with 15 years of experience, has also weighed in on the issue, stating that the RCE exploit is one of the worst cyber-attacks due to its potential for damage.
Activision has not yet directly addressed the reports of the RCE exploit, but the game's removal from the PC Game Pass platform suggests that the company is taking the issue seriously. As the situation develops, gamers are advised to exercise caution when playing Call of Duty: WWII on the Xbox PC and to keep their antivirus software up-to-date.
The RCE vulnerability, discovered in Call of Duty: WWII on the Xbox PC Game Pass, has been linked to its outdated anti-cheat mechanisms and reliance on peer-to-peer networking, making it a potential threat for cybersecurity breaches like data breaches or malware installation. Activision, following the reports, took the game offline to address the issue, but the precise timeline and fixes are yet to be announced. VX-Underground, a white hat group, has analyzed the RCE exploit and believes it could potentially deploy information-stealing malware, a Remote Administration Tool (RAT), or even ransomware.
