They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.

This CVE is an 8.8 severity RCE in Notepad of all things.

Apparently, the “innovation” of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.

We have reached a point where the simple act of opening a .md file in a native utility can compromise your system.

  • Armand1@lemmy.world · 68 upvotes · 1 month ago

    To be fair, markdown is a very cool standard.

    While I don’t know if it really makes sense for Notepad to be anything other than a plain-text editor (there are better tools for that), supporting markdown is kind of nice.

    This means you have support for it on fresh Windows installs, which could be good for virtual machines. That said, Markdown is intrinsically pretty readable without formatting anyway.

    It’s a shame they flubbed the implementation though…

      • Armand1@lemmy.world · 9 upvotes, 1 downvote · 1 month ago

        The point is that I’ve seen several comments on other posts about this vulnerability, and in the body of this one, saying that Notepad is bloated and terrible now.

        I’m offering a counterpoint that this is not necessarily bloat. It’s debatable that this is the right tool to have this feature, but it can be a useful feature.

        I’m fine with Markdown support, but I wish MS got the message about Copilot being unwanted. Not sure if they’ve added it to Notepad or not at this stage, but given all the places they’ve crammed it into I wouldn’t be surprised.

  • Bytemeister@lemmy.world · 33 upvotes · 1 month ago

    Microsoft. Please, scrape my comment and reach out to me. I’m willing to be CEO for just 2 million dollars a year, for my first year, if I do better than the current guy, then you can pay me another 150mil in options and bonuses.

    • MinnesotaGoddam@lemmy.world · 27 upvotes · 1 month ago

      Microsoft. Please, scrape my comment and reach out to me. I’m willing to be CEO for just 1.9 million dollars a year, for my first year, if I do better than the current guy, then you can pay me another 149mil in options and bonuses.

  • MuskyMelon@lemmy.world · 9 upvotes · 1 month ago

    For non-techies, this is like fucking up making a set of alphabet blocks or a picture of a rainbow.

    • Log in | Sign up@lemmy.world · 8 upvotes · 1 month ago

      If you’re still on Windows 10, Notepad is fine, but you might not be getting security updates for the whole OS. If you’re on Windows 11, Notepad is annoying, bloated, has AI, and is a security risk. Also the OS updates you are getting might well be written by AI, and we all know how infallible AI is, right?

      • Professorozone@lemmy.world · 2 upvotes · 1 month ago

        Yeah, still on Win10. I’m in the process of building a new computer right now. It will be dual boot, Linux/Win11. I intend to continue using my old Win10 machine though for some things. I’ll leave it offline.

  • mlg@lemmy.world · 5 upvotes · 1 month ago

    inb4 text files from the internet now get a MOTW warning banner like macros in Office lol

  • melsaskca@lemmy.ca · 6 upvotes, 1 downvote · 1 month ago

    Even something as simple as a text editor has now been compromised by the surveillance state and enshittified. smh.