top | item 46968445

Windows Notepad App Remote Code Execution Vulnerability

23 points| dunder_cat | 19 days ago |msrc.microsoft.com

4 comments

You can uninstall the AI-RCE version of Notepad from Apps - Settings to revert to the stock version.

Giveth the state of things lately, I'm anxiously waiting for someone to confirm that the latest OS updates have removed this ability..

ycui1986|19 days ago

it is bizarre that a notepad app can have remote code execution. how much unnecessary function did MS add to get to this point?

wtallis|19 days ago

Things started to go downhill when it stopped being a .exe in System32 and started being distributed through the MS Store. They've escalated from spell check and tabs to full rich text formatting (remember WordPad?) and Copilot. But this vulnerability stems from links in Markdown documents, so I guess they're well on their way to embedding most of a web browser as they rediscover all the security implications.

hulitu|19 days ago

> Windows Notepad App Remote Code Execution Vulnerability

> Max Severity: Important

ROTFL. Can Microsoft get any lower than this ? "Yes they can"™