Microsoft adds and fixes remote code execution vulnerability in Notepad

by
Thom Holwerda
from OSnews on (#73GJR)

What happens when you slopcode a bunch of bloat to your basic text editor? Well, you add a remote code execution vulnerability to notepad.exe.

Improper neutralization of special elements used in a command (command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network.

[...]

An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files.

CVE-2026-20841

I don't know how many more obvious examples one needs to understand that Microsoft simply does not care, in any way, shape, or form, about Windows. A lot of people seem very hesitant to accept that with even LinkedIn generating more revenue for Microsoft than Windows, the writing is on the wall.

Anyway, the fix has been released through the Microsoft Store.

External Content
Source RSS or Atom Feed
Feed Location http://www.osnews.com/files/recent.xml
Feed Title OSnews
Feed Link https://www.osnews.com/
Reply 0 comments