They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.
This CVE is an 8.8 severity RCE in Notepad of all things.
Apparently, the “innovation” of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.
We have reached a point where the simple act of opening a .md file in a native utility can compromise your system.
Ah. Yes, it appears I’ve been using the ESU option. That was the simplest thing to do.
I use the registration utility from massgrave, added 3 years to my registration.
https://massgrave.dev/windows10_eol
But right there on that page, they cover Windows 10 IoT Enterprise LTSC 2021.
It sounds like that’s what I need. Stripped down Win10. I like that idea.
Thanks, friend.