Microsoft Patches Bug in Age of Empires II

▼ Summary
– Microsoft patched a record number of security bugs on Tuesday, partly due to AI-assisted bug discovery.
– A fixed vulnerability in Age of Empires II: Definitive Edition allowed hackers to take over a victim’s computer via a malicious game invite.
– The flaw, designated CVE-2026-50663, enabled remote code execution when a victim joined an attacker’s lobby.
– A successful attack could let hackers place malicious files and run code on the victim’s machine, effectively gaining control.
– There is no evidence the bug was exploited in the wild, but targeting gamers is an effective method for malware distribution.
On Tuesday, Microsoft issued its largest-ever batch of security patches, covering a historic number of vulnerabilities across its product ecosystem. The surge in fixes is largely attributed to the expanding role of AI in bug discovery, which has helped both the company and external researchers identify flaws at an unprecedented scale.
Among the patched vulnerabilities is a critical remote code execution (RCE) bug in the remastered edition of the classic war strategy game Age of Empires II, a title that first launched 25 years ago. Security researchers revealed that the flaw could be exploited by sending a specially crafted malicious game invite. Once a player accepted, the attacker could gain full control over the victim’s computer.
A demonstration of the exploit was posted on X, showing how the attack unfolds in real time. The vulnerability is tracked as CVE-2026-50663.
> “Join an attacker’s lobby, (auto-)accept UCG, and you get remote code execution,” wrote security researcher Rick de Jager in the post.
According to Rapid7, a cybersecurity firm that analyzed the bug, a successful exploit would allow an attacker to drop malicious files onto the target system. From there, the hacker could execute arbitrary code, effectively seizing control of the machine.
There is no evidence that this vulnerability was ever actively exploited in the wild. Still, targeting gamers remains a potent strategy for cybercriminals. By compromising a popular game like Age of Empires II, attackers could infect a large number of machines, steal passwords, or deploy ransomware.
(Source: TechCrunch)




