Microsoft fixes Age of Empires II flaw tied to malicious game invites
Microsoft patched a security bug in Age of Empires II that researchers said could have let attackers take control of a player’s computer.
By Theo Nakamura · Staff Writer
· 3 min read
Microsoft has fixed a security flaw in Age of Empires II that researchers said could have turned a game invitation into a way to compromise a player’s computer. For investors watching Microsoft, the patch is a small but useful reminder that the company’s security burden stretches across old franchises, consumer software and core enterprise products.
The bug affected the remastered version of Age of Empires II, the long-running war strategy game. Microsoft listed the issue as CVE-2026-50663 in its security update guide, and the company included the fix in a broader Tuesday patch release across its product lines.
According to TechCrunch, Microsoft’s Tuesday update covered a record number of security vulnerabilities, with the company citing the use of artificial intelligence by Microsoft and outside researchers to help find bugs. AI-assisted bug hunting means software tools can help scan for weaknesses, though companies still need to verify, prioritize and patch the problems they find.
How the flaw worked
Security researchers said the Age of Empires II vulnerability could be triggered through a specially crafted game invite. If an attacker succeeded, the invite could have led to the victim’s machine being compromised.
Rapid7, a cybersecurity firm, said a successful attack could have allowed an attacker to put harmful files on the target computer. That could then create a path to running malicious code, meaning instructions chosen by the attacker, on the victim’s system.
In plain terms, that kind of access can move the problem beyond the game itself. Malware, which is software designed to harm a device or secretly control it, can be used to steal passwords, install additional tools or give an attacker broader control over a computer.
A video posted on X showed how researchers said the flaw could be exploited. Microsoft’s patch is meant to close that route before it can be used against players who install the update.
No known exploitation reported
There is no evidence that attackers successfully used this Age of Empires II bug in real-world attacks, according to TechCrunch. That distinction matters: a vulnerability can be serious even when there is no public sign that it has already been abused.
Video games remain attractive targets because they connect large communities of users, often through invites, multiplayer sessions, downloads and chat. TechCrunch noted that attacks aimed at gamers can be an effective way to spread malware to many computers and steal credentials such as passwords.
The Age of Empires II fix landed inside a much larger Microsoft security update, rather than as a standalone consumer alert. For players, the practical takeaway is straightforward: keeping games and launchers updated closes known holes that attackers may try to copy after public disclosure.
For Microsoft, the episode shows how even a decades-old gaming brand can create modern cybersecurity risk. The company’s patch cycle now has to cover everything from Windows and cloud software to remastered games that still have active online communities.
This story draws on original reporting from TechCrunch.