
Microsoft patches bug in video game Age of Empires II
Quick Answer
Microsoft has patched a critical vulnerability in Age of Empires II that allowed remote code execution via malicious game invites.
Quick Take
Microsoft has patched a critical vulnerability in Age of Empires II that allowed remote code execution via malicious game invites. This fix is part of a broader security update addressing a record number of bugs, aided by AI. No evidence of exploitation has been reported, but the risk to gamers remains significant.
Key Points
- The vulnerability, CVE-2026-50663, allowed hackers to take control of victims' computers.
- Attackers could exploit the flaw by sending custom malicious game invites.
- Microsoft's update addressed a historic number of security bugs across its products.
- Cybersecurity firm Rapid7 highlighted the potential for malware installation targeting gamers.
- No confirmed cases of the bug being exploited in the wild have been reported.
📖 Reader Mode
~1 min readOn Tuesday, Microsoft patched a historic record number of security bugs across its product lines, in large part due to the use of AI to help the company and external researchers discover bugs.
Among the fixed vulnerabilities was one for the remastered version of the classic 25-year-old war strategy video game Age of Empires II. The flaw allowed hackers to take over a victim’s computer by sending a custom malicious game invite, according to security researchers.
A video posted on X shows how the flaw could be exploited by hackers.
— Rick de Jager (@rdjgr) July 15, 2026Here’s the Age of Empires RCE from yesterday’s Patch Tuesday: CVE-2026-50663.
Join an attacker’s lobby, (auto-)accept UCG, and you get remote code execution. pic.twitter.com/QmMkY07C8S
According to cybersecurity firm Rapid7, a successful attack would have allowed hackers to place malicious files on the victim’s computer, opening the door for the hacker to achieve the ability to run malicious code on the victim’s machine.
That means, effectively, the hacker could have taken over control of the hacked computer.
There is no evidence that this bug was successfully exploited in the wild by hackers. But targeting video gamers can be an effective way to install malware on a high number of victims’ computers and steal their passwords, for example.
— Originally published at techcrunch.com
Want this in your inbox every morning?
Daily brief at your local 8am — bilingual EN/中文, free.
More from TechCrunch
See more →
OpenAI launches its new family of models with GPT-5.6
OpenAI has launched GPT-5.6, featuring three models: Sol, Terra, and Luna, with Sol being 54% more token efficient for coding tasks. The models excel in cybersecurity and enterprise applications, outperforming competitors like Anthropic's Fable in benchmarks. Pricing starts at $1 for Luna and goes up to $30 for Sol per million tokens.

