• 2 min read
Microsoft fixes Age of Empires II takeover bug
Microsoft patched a remote code execution flaw in Age of Empires II that could let attackers seize control of a victim’s PC via a malicious game invite.

Image: TechCrunch
Among Tuesday’s Patch Tuesday fixes, Microsoft quietly patched a serious flaw in the remastered Age of Empires II — a 25-year-old strategy game that could have given attackers control of a victim’s computer.
According to security researchers, the vulnerability let hackers trigger remote code execution by sending a specially crafted malicious game invite. A video posted on X by Rick de Jager showed the exploit chain in action.
“Join an attacker’s lobby, (auto-)accept UCG, and you get remote code execution.”
Rapid7 said a successful attack could have allowed hackers to place malicious files on a target machine, creating a path to run code on the victim’s computer. In practice, that would have let an attacker effectively take over the system.

Recommended reading
Asus will sell Xbox Ally X20 OLED on its own
The bug was fixed as part of a broader record Patch Tuesday for Microsoft, which patched a historic number of security issues across its products. TechCrunch reported that the unusually large batch was driven in large part by the use of AI to help Microsoft and external researchers find vulnerabilities.
There is no evidence the Age of Empires II flaw was exploited in the wild. Still, gamers can be an attractive target: compromising a popular multiplayer title can offer a route to deploy malware at scale and steal data such as passwords.
Culture Editor
Maya explores gaming, streaming, and the internet as a place where people actually live. From deep-dives into creator economies to the anthropology of digital communities, she tracks platform drama and cultural shifts so you don't have to. She believes the best tech stories are fundamentally about human behavior.
via TechCrunch


