They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.
This CVE is an 8.8 severity RCE in Notepad of all things.
Apparently, the “innovation” of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.
We have reached a point where the simple act of opening a .md file in a native utility can compromise your system.
If you’re still on windows 10, notepad is fine, but you might not be getting security updates for the whole OS. If you’re on windows 11, notepad is annoying, bloated, has AI, and is a security risk. Also the OS updates you are getting might well be written by AI, and we all know how infallible AI is, right?
Yeah, still on Win10. I’m in the process of building a new computer right now. It will be duel boot, in Linux/ Win11. I intend to continue using my old Win10 machine though for some things. I’ll leave it offline.