Activision Took Down Call of Duty Game After PC Players Hacked

Activision removed "Call of Duty: WWII" from Microsoft Store and Game Pass after hackers exploited a security vulnerability that allowed them to compromise players' computers, TechCrunch reported Tuesday, citing a source. The gaming giant took the 2017 first-person shooter offline last week while investigating what it initially described only as "reports of an issue."

Players posted on social media claiming their systems had been hacked while playing the game. The vulnerability was a remote code execution exploit that enables attackers to install malware and take control of victims' devices. The Microsoft Store and Game Pass versions contained an unpatched security flaw that had been fixed in other versions of the game.

THE ONLY COD I OWN

[Mirddes]

patch pending?

Re:

[Brain-Fu]

This is why people should practice "device segregation" if they can afford to do so.

It means you have one computer that you use for online banking, investing, and tax filing.

A separate computer is for gaming, shopping, and browsing online.

This way, even if you get hacked though the sorts of risky activities that involve installing a lot of software that runs locally, and roaming around the open internet, the hackers won't steal anything related to your nest egg. Or your social security number.

The good news

So the PS3 servers are apparently still up

[rsilvergun]

For a lot of games and there's an entire world of people out there still gaming on the PS3. There's a guy who runs a YouTube channel who goes around asking them why they still game on PS3. It's usually just that it's Dads that occasionally get to play a little bit and don't see the point of upgrading since they only play every couple of weeks for maybe a half hour 45 minutes

Kernel or userspace?

[Torodung]

If this is an exploit in the anti-cheat driver, that's a far more serious matter.

I hope it's a userspace hack.

Re:

[drinkypoo]

I hope it's a userspace hack.

I hope it's a vulnerability in a kernel DRM component so that gamers learn to hate that bullshit more.

Re:

[tlhIngan]

I hope it's a vulnerability in a kernel DRM component so that gamers learn to hate that bullshit more.

Gamers do hate it. It's not DRM, but anti-cheat, so it's only really accepted as a necessary evil, because cheating in online multiplayer games, especially popular ones like CoD, is rampant. Unless you can come up with a way to resolve this, it's going to be around. Network communications can be secured with TLS, but you can still cheat using hacks that don't even interact directly with a program. There are

How does something like that happen?

[dgatwood]

Everywhere I've ever worked, when you release an update to one channel, you release to all channels. This sort of process should be scripted and automatic, to the maximum extent possible. More to the point, there should have been someone responsible for making sure that critical updates have been successfully pushed out to every channel before they declare the update release process closed. There literally should have been someone checking on this on a daily basis for that entire time.

So unless this security bug was just fixed on those other platforms within the last single-digit days, what we have here is a serious process problem, and if it can happen on one game, it can happen on any Activision game. What is Activision doing to fix its processes to ensure that nothing like this ever happens again?

Re:

[tlhIngan]

This is videogame development. You almost never have a "main" where all your games are made from - a game is a self-contained app.

Typically development starts by cloning a copy of the game engine to where you will do your development. This will go into a new tree because after the game is released, other than updates, it will never be used again. Even though you have say, Call of Duty 1 and Call of Duty 2, they are about as same as Microsoft Word and Microsoft Excel.

So it's likely it was discovered and fixe

Re:

[dgatwood]

This is videogame development. You almost never have a "main" where all your games are made from - a game is a self-contained app.

Typically development starts by cloning a copy of the game engine to where you will do your development. This will go into a new tree because after the game is released, other than updates, it will never be used again. Even though you have say, Call of Duty 1 and Call of Duty 2, they are about as same as Microsoft Word and Microsoft Excel.

Yeah, but the summary says "The Microsoft Store and Game Pass versions contained an unpatched security flaw that had been fixed in other versions of the game." Not other games based on the same engine. Other versions of the same game. I assume that they have one product manager that oversees Call of Duty: WWII, and that this person should be aware of what's happening on every platform.

So it's likely it was discovered and fixed for one game, but that fix was not propagated to other trees because well, they're pretty much all independent and to do so would require manually applying the patch.

This is why real software companies have "one version" policies, where you aren't allowed to check in a single project in

Re:

[drinkypoo]

"The Microsoft Store and Game Pass versions contained an unpatched security flaw that had been fixed in other versions of the game."

"The game for the Microsoft Store and Game Pass remains down at the time of publication, per Activisionâ(TM)s status page."