NEWS
Call of Duty’s Anti-Cheat Bypass Scare Was a Microsoft Azure Bug
Activision says Call of Duty’s Ricochet anti-cheat is secure after CVE-2026-45642 let PCs spoof Secure Boot; Microsoft fixed it on its own servers.
Call of Duty’s anti-cheat team spent the past few weeks knocking down claims that hackers had already cracked its newest defense, and the fix behind that reassurance came from Microsoft, not Activision. The flaw, tracked as CVE-2026-45642, let a tampered PC report Secure Boot as switched on when it wasn’t, fooling the cloud check Ricochet leans on for Black Ops 7’s ranked playlists. Microsoft says it patched the hole on its own servers before the clip claiming to prove it even went viral.
The bug never lived in Call of Duty’s code. It sat inside Microsoft Azure Attestation, the same cloud verification service Microsoft sells to businesses well outside gaming, which means a viral video about aimbots ended up exposing a crack in infrastructure that has nothing to do with Warzone.
A Bootkit Video Sets Off a Panic on X
The scare started with a post flagging the spoofing flaw from a security researcher who posts under the handle Nick Peterson. On June 9, he wrote that parts of Microsoft Azure Attestation had been vulnerable to spoofing, adding that “SecureBoot in this case, spoofed as ON from a malicious bootkit.”
The claim spread fast. A video posted alongside it appeared to show someone slipping past the checks Call of Duty added for Ranked Play. CoD fans took it as proof the entire Season 4 security push was broken before it even shipped, and PCGamesN was first to report the backlash building on X.
The Call of Duty Community Team answered quickly.
Look again, and you’ll see Microsoft already fixed this. Much like our own private bug bounty, we’re grateful for those who report security vulnerabilities to our partners responsibly.
the Call of Duty Community Team wrote in a reply thread on X, framing the episode as responsible disclosure rather than a live exploit. The team added that Microsoft Azure Attestation remains a core piece of Ricochet, not a discarded one.

What Microsoft’s Own Security Advisory Says
Microsoft’s advisory confirms the bug was real. It describes “an authorized attacker to perform spoofing with a physical attack” against both Azure Attestation and the related Device Health Attestation Service. That phrasing matters more than the panic suggested. A physical attack means whoever pulled this off needed hands-on access to a machine, not a remote push capable of flooding Call of Duty overnight.
Microsoft says it already deployed a service-side fix and that no customer patching or update installation is required, since the correction lives in Microsoft’s cloud rather than on individual PCs. The company also told administrators to stop relying on two specific signals, the EV_EFI_VARIABLE_AUTHORITY and EV_EFI_BOOT_SERVICES_APPLICATION events, when making attestation security decisions going forward.
Why Does a Video Game Need Microsoft’s Cloud?
Ricochet, Call of Duty’s in-house anti-cheat system, cannot fully trust a check that runs on the player’s own PC because a modified system can simply lie about its own settings. Microsoft Azure Attestation asks the PC to prove its security state to Microsoft’s servers instead, then reports that verdict back to the game before a competitive match ever starts.
Local checks run on the same computer a cheater controls, so a tampered system can report back that everything looks fine. Remote attestation moves that judgment call off the player’s machine, verifying the same settings through Microsoft’s own infrastructure.
- TPM 2.0 – a hardware chip on the motherboard that stores encryption keys and helps prove a PC hasn’t been tampered with.
- Secure Boot – a UEFI firmware setting that only allows signed, trusted software to load when a PC starts up.
- Microsoft Azure Attestation (MAA) – a cloud service that checks those two settings against Microsoft’s own servers instead of trusting the PC’s self-report.
Together, these three pieces are why a Call of Duty match now depends on decisions made in a Microsoft data center before anyone fires a shot.
Ricochet Has Had Real Bypasses Before
This isn’t the first time Activision has told players a Ricochet bug was closed. The system, launched in 2021, has a documented history of exploits that worked exactly as advertised, until they didn’t.
| Year | What Went Wrong | How Activision Responded |
|---|---|---|
| 2021 | Ricochet’s kernel-level driver leaked to cheat-making forums before launch | Called it part of controlled testing, said the exposure mainly helped less advanced cheat makers |
| 2024 | A hacker known as Vizor used hardcoded ban trigger words to frame thousands of Warzone and Modern Warfare III players as cheaters | Patched the workaround and restored every affected account |
| 2026 | CVE-2026-45642 let a spoofed Secure Boot flag pass Azure Attestation checks | Microsoft shipped a server-side fix before the claims went viral on X |
Speaking to a widely cited 2024 report on the exploit, Vizor said, “I could have done this for years.” Activision’s own statement on that episode, carried in a report on the restored accounts, said it had “identified and disabled a workaround” without detailing exactly what it was.
Season 4 Raises the Bar for PC Players
Season 4 went live June 4, and with it came a harder line. Activision now requires modern PC security standards just to access competitive playlists in Black Ops 7 and Warzone, according to the Season 4 progress report.
Players who fail the Microsoft Azure Attestation check get funneled into a separate matchmaking pool instead of being banned outright. Layered on top of that requirement, Ricochet’s broader defenses now include:
- Reduced Matchmaking for Failed Attestation (Season 4): players missing TPM 2.0 or Secure Boot get a “Failed Attestation Status” notice and a separate matchmaking pool.
- Unauthorized Input Device Enforcement (Season 4): tighter detection for Cronus Zen and XIM Matrix, the scripted controllers Activision has fought since Season 2.
- SMS Two-Factor Authentication (Season 3): required for new free-to-play PC accounts, aimed at repeat offenders who create throwaway accounts.
Activision says nearly two-thirds of players temporarily banned for scripted input devices don’t go back to using them once they return to Black Ops 7. The crackdown lands as Activision keeps trimming Warzone’s footprint elsewhere too, with Xbox One and PS4 copies delisted in June.
The Numbers Ricochet Is Leaning On
Activision keeps pointing to scale to defend Ricochet’s record, even with a Microsoft-side bug in the headlines.
- 97% of cheaters were stopped within 30 minutes of first sign-in during the Black Ops 7 beta.
- Less than 1% of cheating attempts reached an actual match.
- 40+ cheat developers and resellers have been shut down since Black Ops 6 launched.
- 800,000+ accounts were permanently banned across Call of Duty titles in the past year, per Team RICOCHET’s own tally.
Team RICOCHET disclosed that ban total in a year-end recap covering 2025, crediting stepped-up legal pressure on cheat sellers alongside the technical fixes.
No Release Date Yet for the Bigger Fix
Season 4 already carries the tighter Azure Attestation rules. The larger overhaul Activision has teased, the one meant to fold in lessons from the spoofing bug, still has no announced date beyond arriving sometime during Season 4, which is live now.
Activision is handing out temporary suspensions, not permanent bans, to players caught using Cronus Zen and XIM Matrix, betting that a cooldown changes behavior faster than an outright ban. Whatever Ricochet becomes by the end of Season 4 will likely carry into Modern Warfare 4’s return of DMZ mode, the next mainline entry built on the same anti-cheat foundation.
For now, the only confirmed fix is the one Microsoft already shipped on its own servers.
Frequently Asked Questions
What Is Microsoft Azure Attestation?
Microsoft Azure Attestation is a cloud service that verifies a device’s security settings from Microsoft’s own servers rather than trusting the device’s self-report. Call of Duty uses it to check TPM 2.0 and Secure Boot before letting PCs into ranked play. The same service, named alongside Microsoft’s Device Health Attestation Service in the CVE-2026-45642 advisory, also verifies device compliance for businesses managing employee laptops, well outside gaming.
Was Call of Duty’s Anti-Cheat Actually Hacked?
No widespread hack has been confirmed. A researcher demonstrated that one Azure Attestation signal could be spoofed with physical access to a machine, and Microsoft closed that signal on its servers before the claims spread widely on X. Activision has not reported any wave of new cheaters tied to the bug.
Do Players Need to Update Anything After CVE-2026-45642?
No player action is required for that specific bug, since Microsoft’s fix lives entirely on its own servers. Players still need TPM 2.0 and Secure Boot enabled to reach ranked play, and some AMD systems running TPM software in the 3.x.0.x range need a BIOS update first before they can pass the check.
What Happens If My PC Fails the Ricochet Attestation Check?
A failed check doesn’t mean a ban. Season 4 limits non-compliant PCs to Nuketown 24/7 in Black Ops 7 and Battle Royale Casual in Warzone, and blocks partying up with compliant PC players or console players until the system passes.
When Will Activision Release the Bigger Ricochet Update?
There’s no confirmed date. Activision has only said the expanded update arrives during Black Ops 7 Season 4, which started June 4, describing its rollout as intentionally phased rather than a single patch, meaning further requirements could tighten gradually as the season continues.
-
AZURE1 month agoMicrosoft’s MAI Models Signal a Five-Year Bet on AI Independence
-
NEWS1 month agoCall of Duty Warzone Delisted on Xbox One and PS4 June 4
-
AZURE1 month agoMicrosoft IQ Gives Enterprise AI Agents a Shared Memory
-
NEWS1 month agoXbox Games Showcase 2026: Start Time, Expected Games, What to Watch
-
AZURE1 month agoAnthropic Hits $965B, and Microsoft Profits Either Way
-
NEWS1 month agoMicrosoft Build 2026 Skips Windows 12 for the AI Bet That Counts
-
NEWS1 month agoModern Warfare 4 DMZ Returns with What the 2022 Beta Was Missing
-
MICROSOFT 3651 month agoSatya Nadella Rebukes Scout VP Over ‘Make People Addicted’ Memo
