Security Update Guide - Microsoft Security Response Center
msrc.microsoft.com

They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.

This CVE is an 8.8 severity RCE in Notepad of all things.

Apparently, the “innovation” of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.

We have reached a point where the simple act of opening a .md file in a native utility can compromise your system.

  • Liketearsinrain@lemmy.mlEnglish
    3·
    9 hours ago

    I have a pretty good guess. They were using ShellExecute or a similar API with only "notepad” as a name or “edit” as a verb. The search order would end up finding your shortcut first.

    This would be odd behavior (the path should be be the full path and start at system32) but I don’t have IE6 and Windows 95 to find the exact API lol.

    • ChickenLadyLovesLife@lemmy.worldEnglish
      1·
      9 hours ago

      The search order would end up finding your shortcut first.

      Sure, but in my case “Notepad” was a shortcut to actual Notepad.exe. It still should have worked.

      • bitjunkie@lemmy.worldEnglish
        1·
        8 hours ago

        iirc .lnk files didn’t pass along params to the actual executable, at least not in 9x

        src: first tech job was at a MS silver partner in the 90s