They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.
This CVE is an 8.8 severity RCE in Notepad of all things.
Apparently, the “innovation” of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.
We have reached a point where the simple act of opening a .md file in a native utility can compromise your system.
I’m not a programmer, why are people so interested in Rust?
edit: typo
It stops dangerous memory mistakes by design, forces safe handling of data, and eliminates the most commonly used vulnerabilities in C and C++
It encourages secure design, but that forces people who have been writing C/C++ for years to completely rethink how to do many things they’re very proficient at.