They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.
This CVE is an 8.8 severity RCE in Notepad of all things.
Apparently, the “innovation” of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.
We have reached a point where the simple act of opening a .md file in a native utility can compromise your system.
Fucking hell i have notepad++ for that shit.
Average users don’t need that functionality , and those that do already don’t use notepad for it
I… Have some really unfortunate news for you
Jokes on you I haven’t updated that program since 2019.
edit: an number