Call of Duty: WWII Game Pass Release Marred by Dangerous RCE Exploit

Just days after Call of Duty: WWII was added to Microsoft’s Game Pass lineup, players are sounding the alarm over a critical security flaw. Reports of a Remote Code Execution (RCE) exploit are spreading rapidly, with multiple users claiming their PCs were compromised mid-game. The exploit appears to allow attackers to execute malicious code on players’ systems.

The issue first surfaced on July 2, 2025, two days after WWII joined Game Pass for PC. Affected players reported unusual behavior while playing, including random Notepad popups, forced PC shutdowns, and even explicit content appearing on secondary monitors.

The attacks seem tied to the game’s multiplayer component, with several players stating that their Gamertags were spoofed or they were forcibly disconnected from sessions.

Streamers Sound the Alarm

The situation gained traction after content creator BAMS issued a stark warning on social media: “WWII on Game Pass is not safe to play.”

Other creators followed suit, including Wrioh, who shared a video of his system being hijacked during a live stream. In the clip, a Notepad window opens mid-game with the message: “Marc E Payer just RCE’d your a**, please contact Mitchell Silberberg and Knupp LLC,” before his PC crashes to desktop.

These accounts lend serious credibility to user concerns and have caused widespread panic across X and Reddit. Many are now urging others to uninstall the game entirely until a fix is deployed.

Why RCE Exploits Are So Dangerous

Remote Code Execution exploits are among the most severe security threats in any software. They allow attackers to run arbitrary code on a victim’s machine without their knowledge or consent. In a game like Call of Duty: WWII, where peer-to-peer matchmaking is still in use, such vulnerabilities can be particularly easy to exploit.

RCE attacks explained (Image Source: Patch My PC)

While many older Call of Duty titles have been known to contain RCE flaws, the assumption was that any re-releases via Game Pass or the Microsoft Store would come with security patches. Titles like Black Ops III reportedly received improvements. But WWII, it seems, did not.

No Official Response Yet

As of now, Activision has not issued a public statement addressing the reports. Microsoft briefly took ten Call of Duty games offline for maintenance yesterday, including WWII, but did not confirm whether it was in response to the RCE incident. With the Xbox division recently hit by layoffs, including Sledgehammer Games, the developers of COD: WWII, concerns are mounting over how quickly a fix patch might arrive.

The scale of the issue remains unclear. There’s no indication that affected users were running modified versions of the game or third-party tools, suggesting the vulnerability may be inherent to the Game Pass release itself.

What Players Can Do

Until further notice, players are strongly advised to:

• Avoid launching Call of Duty: WWII on PC, especially via Game Pass
• Stay offline or disable multiplayer access
• Enable firewalls and endpoint protection software
• Run malware and system integrity scans if suspicious behavior occurred
• Report incidents via Microsoft’s official support page HERE.

Until Microsoft or Activision provides clarity and a patch, Call of Duty: WWII on PC is best left untouched.

Stay tuned to Strafe Esports for more Call of Duty news and information. Follow our social media for updates of everything going on the gaming world.

Feature image credit: Activision

Read also:

Rocket League Owner Epic Games Faces Patent Lawsuit Over In-Game Chat System