Infosec.Pub

4,801 readers
100 users here now

To support infosec.pub, please consider donating through one of the following services:

Paypal: jerry@infosec.exchange

Ko-Fi: https://ko-fi.com/infosecexchange

Patreon: https://www.patreon.com/infosecexchange

founded 2 years ago
ADMINS
jerry
shellsharks
modbot
listing: all - local
search
2
7
Windows Notepad App Remote Code Execution Vulnerability: An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad (msrc.microsoft.com)
submitted 2 days ago by digicat to c/blueteamsec
0 comments fedilink
1
950
A remote code execution vulnerability has been found in Microslop Notepad (msrc.microsoft.com)
 
 

They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.

This CVE is an 8.8 severity RCE in Notepad of all things.

Apparently, the "innovation" of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.

We have reached a point where the simple act of opening a .md file in a native utility can compromise your system.

view more: next ›