Microsoft has mounted a severe safety vulnerability affecting Markdown recordsdata in Notepad. Within the firm’s Tuesday patch notes, Microsoft says a nasty actor may perform a distant code execution assault by tricking customers “into clicking a malicious hyperlink inside a Markdown file opened in Notepad,” as reported earlier by The Register.
Clicking the hyperlink would “launch unverified protocols,” permitting attackers to remotely load and execute malicious recordsdata on a sufferer’s laptop, based on the patch notes. Microsoft says there isn’t any proof of attackers exploiting the Notepad vulnerability (CVE-2026-20841) within the wild, nevertheless it issued a repair for the flaw in its Tuesday patch.
Microsoft initially added assist for Markdown, a plaintext formatting language, to Notepad on Home windows 11 final Might. The transfer contributed to criticism that Microsoft is filling its working system with bloatware, together with by stuffing new options and AI capabilities into apps like Notepad and Paint.
Notepad isn’t the one textual content editor that has confronted safety points not too long ago, because the third-party Notepad++ app disclosed that some customers could have downloaded a malicious replace linked to Chinese language state-sponsored attackers.
