Microsoft fixes Notepad flaw that could trick users into clicking malicious Markdown links
Microsoft has fixed a serious security vulnerability affecting Markdown files in Notepad. In the company's Tuesday patch notes, Microsoft says a bad actor could carry out a remote code execution attack by tricking users "into clicking a malicious link inside a Markdown file opened in Notepad," as reported earlier by The Register.
Clicking the link would "launch unverified protocols," allowing attackers to remotely load and execute malicious files on a victim's computer, according to the patch notes. Microsoft says there isn't any evidence of attackers exploiting the Notepad vulnerability (CVE-2026-20841) in the wild, but it issued a fix for ...