Microsoft Fixes Age of Empires II Flaw That Could Let Hackers Hijack Players’ Computers
Microsoft has patched a serious vulnerability in Age of Empires II: Definitive Edition that could have allowed attackers to execute malicious code on another player’s computer through the game’s online multiplayer features.
The flaw, tracked as CVE-2026-50663, was addressed as part of Microsoft’s July security updates. It received a severity score of 8.8 out of 10 and was classified as an «important» remote-code-execution vulnerability.
According to the published security assessment, the weakness involved relative path traversal, a technique that can allow specially crafted files to escape their intended storage location and reach other areas of a device.
Security researchers said an attacker could exploit the vulnerability by sending a malicious multiplayer game invitation containing manipulated data. A targeted player would still need to accept the invitation and join the game for the attack to succeed.
Successful exploitation could allow the attacker to run code with the victim’s privileges, potentially enabling access to files, installation of malware or further compromise of the affected Windows computer.
Microsoft said exploitation was considered less likely and reported no evidence that the vulnerability had been publicly disclosed or actively used in attacks before the update became available.
The vulnerability affects Age of Empires II: Definitive Edition, the remastered version of Microsoft’s influential real-time strategy game. The original title was released in 1999, while the Definitive Edition arrived in 2019 with updated graphics, new content and online multiplayer support.
Players should install the latest available game update before accepting invitations or joining multiplayer sessions involving unknown users. Reports tracking the fix identify version 101.103.46651.0 as the corrected release.
The unusual gaming-related vulnerability appeared within Microsoft’s largest monthly security release to date, which addressed hundreds of weaknesses across Windows, Office, SharePoint, SQL Server, Visual Studio, Microsoft Edge and other products.
The July update also included fixes for critical vulnerabilities affecting products such as SharePoint Server, SQL Server, Windows networking components and the Minecraft Bedrock Dedicated Server.
Microsoft has attributed the recent growth in vulnerability discoveries partly to wider use of artificial intelligence by its internal engineering teams and external security researchers.
The company says AI-assisted systems can examine large codebases, detect weaknesses and help researchers develop proof-of-concept attacks more rapidly. Microsoft has also used its own multi-model security system to uncover vulnerabilities across Windows networking and related services.
Although faster discovery enables companies to correct more flaws, it also increases pressure on businesses and consumers to install updates quickly, as attackers can use similar AI tools to study newly disclosed vulnerabilities and develop exploits.
The Age of Empires II case demonstrates that security risks are not limited to operating systems and workplace software. Online games can also become attack routes because they exchange files, invitations and other data between users’ computers.
