Microsoft has issued a security patch for a critical vulnerability in Age of Empires II: Definitive Edition, the remastered version of the classic 25-year-old strategy game. The flaw, disclosed by cybersecurity firm Rapid7, allowed attackers to take control of a victim's computer simply by sending a specially crafted game invite.
According to Rapid7's analysis, a successful exploit would have enabled hackers to place malicious files on the target system, ultimately granting them the ability to run arbitrary code. That effectively handed over full control of the compromised machine, potentially allowing attackers to steal passwords, install ransomware, or spy on users. A video demonstration of the exploit was posted on social media platform X.
The patch arrived as part of a historic security update from Microsoft, which fixed a record number of bugs across its product lines. The company credited the use of artificial intelligence for helping both its own engineers and external researchers uncover vulnerabilities at an unprecedented scale. While there is no evidence that the Age of Empires bug was ever exploited in the wild, security experts warn that video games are an increasingly attractive vector for cybercriminals looking to infect large numbers of devices.
For UK businesses and consumers, the incident highlights the growing risk of cyber attacks targeting seemingly innocuous software. Gamers, in particular, are often targeted because gaming platforms can bypass traditional security controls, and many users reuse passwords across multiple services. The UK's Information Commissioner's Office (ICO) has previously urged software vendors to prioritise security-by-design, while the EU's AI Act—which will impose stricter rules on high-risk AI systems—could influence how companies like Microsoft deploy AI in vulnerability detection.
Dr. Eleanor Frost, a cybersecurity researcher at the University of Cambridge, commented: 'This is a reminder that even legacy software, when updated and connected online, can introduce serious risks. The use of AI to find bugs is a double-edged sword—it makes patching faster, but it also means attackers can weaponise the same tools. For the UK economy, the cost of unpatched vulnerabilities runs into billions of pounds annually in lost productivity and recovery.'
Microsoft has urged all players of Age of Empires II: Definitive Edition to install the latest update immediately. The company has not disclosed whether further vulnerabilities remain in the game, but security researchers expect ongoing scrutiny of gaming software as a prime target for cyber attacks.