- cross-posted to:
- blueteamsec@infosec.pub
- cross-posted to:
- blueteamsec@infosec.pub
They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.
This CVE is an 8.8 severity RCE in Notepad of all things.
Apparently, the “innovation” of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.
We have reached a point where the simple act of opening a .md file in a native utility can compromise your system.
Notepad saves on exit now? Wtf.
Have been for a while now. In neat (read: horrible) little tabs that never go away unless you manually force them to.
dude, Notepad even has Copilot now
I never
upgradeddowngraded to Win11 so I haven’t seen a lot of this BS.yeah, I switched to Linux on my personal computers once I noticed ads in the start menu, my work computer has win11, though