Microsoft pulls Unity powered titles from the store after a critical vulnerability
In October 2025, Unity Technologies disclosed a serious security vulnerability affecting Unity built games and apps published since 2017.1. While there have been no confirmed exploits or user impact to date, the risk prompted Microsoft to temporarily remove affected titles from its digital storefront until patches are released. The move underscores the ongoing challenges of third party engine vulnerabilities in a sprawling multi‑platform ecosystem.
The vulnerability and affected platforms
The advisory indicates that the flaw can affect Unity based builds targeting Android, Windows, macOS and Linux. Unity Technologies stressed that the issue is tied to certain engine versions and that updates are needed to mitigate the risk. Microsoft confirmed that its own products and services relying on Unity will receive updates in a staged rollout, and it advised customers to uninstall affected titles and to be aware that, until patches land, some titles may not be downloadable from the store.
The list of publicized affected titles from the Microsoft side includes a broad mix of publishers and genres, spanning artbooks, companion apps, and full games. Affected titles include:
- Avowed Artbook
- DOOM: The Dark Ages Companion App
- Fallout Shelter
- Ghostwire: Tokyo Prelude
- Grounded 2 Artbook
- Hearthstone
- すすめ!じでんしゃナイツ
- Pillars of Eternity II: Deadfire
- Starfield Companion App
- The Bard’s Tale Trilogy
- The Elder Scrolls IV: Oblivion Remastered Companion App
- The Elder Scrolls: Blades
- The Elder Scrolls: Castles
- Warcraft Rumble
- Wasteland 3
- Wasteland Remastered
Some titles, such as Knights and Bikes, have already received patches to address the issue. Conversely, Fallout Shelter, Wasteland 3, and The Elder Scrolls: Blades have faced removal from storefronts on some platforms and are not currently available on Steam or Google Play at the time of reporting.
Obsidian Entertainment has noted that while the Avowed game itself does not use Unity for core gameplay, the digital artbook tied to Avowed is Unity‑made. Separately, Obsidian’s Pentiment has also entered a sales pause, though it is not listed among the direct Unity built titles affected by the patch cycle.
Discontinued services and customer protection measures
Beyond the immediate removals, Microsoft is also removing several older apps and games that have reached end‑of‑service status. For customer protection, those titles will be stripped from the store to prevent continued losses in functionality for players. The affected list includes classic, licensed, and community games whose online services have already ended:
- DOOM (2019)
- DOOM II (2019)
- Forza Customs
- Gears POP!
- Halo Recruit
- Mighty Doom
- The Elder Scrolls: Legends
- Zoo Tycoon Friends
The action to remove these services reflects a broad approach: when a title or service is no longer actively supported, keeping it in a storefront could expose customers to unresolved security or reliability gaps. Microsoft indicated it will continue to retire or pause access to these assets as part of its ongoing platform hygiene.
What this means for players and developers
For players, the short-term consequence is a potential interruption in access to certain Unity‑based apps and games. If a title is patched and re-listed, players should update to the latest version before re-downloading. Until then, uninstall guidance from the storefront owners should be followed to minimize risk. For developers, the event highlights the importance of timely engine updates, testing patches across multiple platforms, and coordinating with store platforms to minimize user disruption when a critical vulnerability hits.
In the broader gaming ecosystem, the incident spotlights how dependency on third‑party engines can propagate risk across many titles at once. Engine makers and storefronts alike must balance rapid security responses with user convenience, ensuring patches are widely available and clearly communicated. As Unity Technologies and partner publishers begin rolling out updates, observers will be watching not only for fix quality but also for how transparent and timely the patching process proves to be.
Conclusion
While there are no confirmed exploit reports yet, the decision to pause and remove Unity‑built content from major storefronts reflects a cautious, consumer‑centric approach to security. As patches land, the industry will likely see faster, more coordinated responses to engine‑level vulnerabilities, helping to stabilize the ecosystem for developers and players alike.
