1. Forum
  2. USENET
  3. alt.comp.os.windows-11

  • Windows Notepad now has remote code execution vulnerability

    From CrudeSausage@crude@sausa.ge to comp.os.linux.advocacy,alt.comp.os.windows-11 on Sun Feb 15 12:36:12 2026
    From Newsgroup: alt.comp.os.windows-11

    <https://lunduke.substack.com/p/windows-notepadexe-now-has-remote>

    Windows Notepad.exe Now Has Remote Code Execution Vulnerability
    First Notepad++ gets hijacked by Chinese hackers, now Notepad.exe gets a "Severe" CVE. Apparently editing a plain text file is the most dangerous
    thing you can do on Windows.
    --
    CrudeSausage
    John 14:6
    Isaiah 48:16
    Pop_OS!
    --- Synchronet 3.21b-Linux NewsLink 1.2
  • From Paul@nospam@needed.invalid to comp.os.linux.advocacy,alt.comp.os.windows-11 on Sun Feb 15 08:17:57 2026
    From Newsgroup: alt.comp.os.windows-11

    On Sun, 2/15/2026 7:36 AM, CrudeSausage wrote:
    <https://lunduke.substack.com/p/windows-notepadexe-now-has-remote>

    Windows Notepad.exe Now Has Remote Code Execution Vulnerability
    First Notepad++ gets hijacked by Chinese hackers, now Notepad.exe gets a "Severe" CVE. Apparently editing a plain text file is the most dangerous thing you can do on Windows.


    Also explained here.

    It's using the Markdown Support features ( .md files ).

    Some people don't even know what that is, or why it would be in a text editor.

    https://www.bleepingcomputer.com/news/microsoft/windows-11-notepad-flaw-let-files-execute-silently-via-markdown-links/

    "create a Markdown file ... using special URIs like ms-appinstaller:// "

    It is not really a "plain" text file. They basically just
    added an attack surface to an innocuous thing. Clever. Profit...

    Paul
    --- Synchronet 3.21b-Linux NewsLink 1.2
  • From =?UTF-8?B?Li4ud8Khw7HCp8KxwqTDsQ==?=@winstonmvp@gmail.com to comp.os.linux.advocacy,alt.comp.os.windows-11 on Sun Feb 15 11:07:12 2026
    From Newsgroup: alt.comp.os.windows-11

    On 2/15/2026 5:36 AM, CrudeSausage wrote:
    <https://lunduke.substack.com/p/windows-notepadexe-now-has-remote>

    Windows Notepad.exe Now Has Remote Code Execution Vulnerability
    First Notepad++ gets hijacked by Chinese hackers, now Notepad.exe gets a "Severe" CVE. Apparently editing a plain text file is the most dangerous thing you can do on Windows.


    Fyi...the link's opening statement with respective Notepade++ is off the
    mark.
    "First Notepad++ gets hijacked by Chinese hackers"

    Notepad++ wasn't hijacked.
    The source code of Notepad++ has not been compromised.
    The attacker was doing a man-in-the-middle attack on the network of the hosting provider. The threat actor compromised the (previous) hosting provider.
    NP++ has since changed its hosting provider which resolves the issue.

    Concerned users can always just update to the latest version(V8.9.1 or
    later) which includes the code changes to use the new hosting provider.


    Paul covered background on MSFT's Notepad.exe.
    => the Feb. 2026 monthly update resolved the remote code execution
    problem.
    => Fix in place and prior to any exploits of Notepad.exe

    Note: The latest version of MSFT's Notepad is updated via the MSFT
    Store, not Windows.
    --
    ...w-i|#-o-#-n|#
    --- Synchronet 3.21b-Linux NewsLink 1.2