Even Microsoft’s Notepad app, once a simple tool for jotting down plain text notes, has become an AI-powered security risk.
Researchers from the group VX-Underground discovered a “remote code execution zero-day,” a vulnerability unknown even to Microsoft.
According to Microsoft documentation of the bug, “improper neutralization of special elements used in a command (‘command injection’) in Windows Notepad App allows an unauthorized attacker to execute code over a network.”
“An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files”...
18.02.2026 / 20:22
Researchers from the group VX-Underground discovered a “remote code execution zero-day,” a vulnerability unknown even to Microsoft.
According to Microsoft documentation of the bug, “improper neutralization of special elements used in a command (‘command injection’) in Windows Notepad App allows an unauthorized attacker to execute code over a network.”
“An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files”...