Security Update Guide - Microsoft Security Response Center
msrc.microsoft.com

They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.

This CVE is an 8.8 severity RCE in Notepad of all things.

Apparently, the “innovation” of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.

We have reached a point where the simple act of opening a .md file in a native utility can compromise your system.

  • Havatra@lemmy.zipEnglish
    45·
    14 days ago

    An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files.

    “launching unverified protocols” - does that mean the network fetching is done by the Notepad app, and Notepad doesn’t open the browser for this…? If so, bloody hell, Microsoft…

    • Classy Hatter@sopuli.xyzEnglish
      18·
      14 days ago

      As I understood it, there can be specifically crafted links in Markdown documents, which, when clicked, will download a file and then execute it.