In a sudden development, a collection of Xbox first-party games has become unavailable on the Microsoft Store due to a recently discovered security issue linked to the Unity engine. This vulnerability, which dates back to 2017, has prompted Microsoft to take precautionary measures by temporarily removing affected titles, bundles, and add-ons from the storefront. While the security flaw does not impact the Xbox console or Xbox Cloud Gaming versions of these games, several titles have been delisted on both console and PC platforms.
The identified security vulnerability affects games and applications built on Unity versions 2017.1 and later, which run on various operating systems including Android, Windows, Linux, and macOS. Fortunately, there is currently no evidence indicating that this vulnerability has been exploited, nor has there been any reported impact on users or customers. Unity has proactively provided fixes that developers can implement to address the issue, and these fixes are now available to all developers.
This security concern was responsibly reported by security researcher RyotaK, and Unity has expressed gratitude for his collaboration in resolving the issue. In light of this situation, Microsoft has compiled a list of affected first-party Xbox games, which includes popular titles such as:
Avowed Artbook DOOM: Dark Ages Companion App Fallout Shelter Ghostwire Tokyo Prelude Grounded 2 Artbook Hearthstone Knights and Bikes Pillars of Eternity II: Deadfire Starfield Companion App The Bard's Tale Trilogy The Elder Scrolls IV: Oblivion Remastered Companion App The Elder Scrolls: Blades The Elder Scrolls: Castles Warcraft Rumble Wasteland 3 Wasteland RemasteredObsidian Entertainment has also released a separate list of affected titles via social media, assuring players that their team is diligently working on a fix. They plan to restore these games as soon as possible and will provide further updates once the titles are available again. The impacted games include:
Grounded 2 Founders Edition Grounded 2 Founders Pack Avowed Premium Edition Avowed Premium Edition Upgrade Pillars of Eternity: Hero Edition Pillars of Eternity: Definitive Edition Pillars of Eternity II: Deadfire Pillars of Eternity II: Deadfire Ultimate PentimentMeanwhile, several games that are no longer supported have been permanently delisted from the Microsoft Store. This action ensures customer safety by removing apps and games that are not actively maintained by Microsoft. If you are currently using any of the following apps or games, it is advisable to uninstall them:
DOOM (2019) DOOM II (2019) Forza Customs Gears POP! Halo Recruit Mighty Doom The Elder Scrolls: Legends Zoo TycoonIt is essential to note that while the security vulnerability does not affect console versions of the games, the delisting of titles such as Pentiment and Wasteland 3 still applies to the console version of the Microsoft Store due to its operational framework. For those seeking more information, Microsoft has published a comprehensive FAQ regarding the situation.
Here are some key takeaways from the FAQ section:
Q: I am playing one of the impacted games on Xbox console, should I be worried?
A: No. Console games and cloud gaming are not impacted by the vulnerability.
Q: How do I know if my game is impacted?
A: You can refer to the list of impacted Microsoft titles above. If your game is not included and all available security updates are installed, no further action is required.
Q: I am using an impacted game or app, what should I do?
A: It is recommended to uninstall the impacted application until an update is released. Regular updates are being provided, and you can check for updates on your device. Additionally, consider subscribing to Security Update Guide notifications for alerts on updates for affected games and apps.
This situation is continuously evolving, and the accompanying Advisory and the related CVE will be updated with new information as it becomes available, including links to future security updates.
