Security Update Guide - Microsoft Security Response Center
msrc.microsoft.com

They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.

This CVE is an 8.8 severity RCE in Notepad of all things.

Apparently, the “innovation” of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.

We have reached a point where the simple act of opening a .md file in a native utility can compromise your system.

  • LinearityEnglish
    93·
    10 days ago

    I read on a Mastodon thread that it isn’t actually an RCE vuln
    You have to open a .md in notepad for it to

    • surewhynotlem@lemmy.worldEnglish
      12·
      10 days ago

      I HATE that the industry started calling these RCE (specifically “passive” RCE). It really muddies the waters.

      This isn’t a normal RCE where an attacker can remotely connect in and execute code. Those are very serious.

      This is a passive RCE. Basically code injection from inappropriately parsing a file. And it doesn’t need to be remote. You can use a local file.

      • Nighed@feddit.ukEnglish
        2·
        9 days ago

        That’s the opposite of how I would understand it though. If you said a passive RCE I would understand that as it being run without me doing anything - in this case, just having notepad open making me vulnerable.

    • m4ylame0wecm@lemmy.zipEnglish
      8·
      10 days ago

      User interaction required was listed on the MSRC source, but that’s also where “RCE” came from too.