Jump to content
Login new information ×
Giveaway Contest ×
Login new information
Giveaway Contest
  • Security & Privacy News

    Microsoft patches Notepad flaw that could let attackers hijack Windows PCs

    Karlston

    By Karlston,
    Published Date:

    • 220 views
    • 2 minutes
     Share
    • 220 views
    • 2 minutes

    Microsoft released a security update addressing a serious vulnerability in Notepad. The flaw, not to be confused with a security issue recently found in Notepad++, could allow attackers to execute malicious code on a victim’s computer remotely.

     

    The bug (tracked as CVE-2026-20841) is a remote code execution (RCE) flaw in Windows Notepad. It happens because the app doesn't properly clean up or block dangerous special characters in certain commands. The flaw affects the modern Windows Notepad app from the Microsoft Store, particularly when handling Markdown (.md) files.

     

    According to Microsoft’s Security Update Guide, an attacker could exploit the vulnerability and create a malicious Markdown file containing specially crafted links. If a user opens the file in Notepad and clicks one of the links, a script could launch, download, and execute malicious code. If the process was successful, the attacker could gain full control of the victim's computer and all associated permissions.

     

    The vulnerability carries a CVSS v3.1 base score of 8.8 (high severity), with Microsoft's maximum severity rating listed as Important. Microsoft reports no known public exploits at the time of the patch release.

     

    Microsoft patched this vulnerability as part of the February 2026 Patch Tuesday security updates, released on February 10, 2026. It’s recommended for users to install the latest Windows updates and keep the Notepad app up to date.

     

    The discovery of this vulnerability prompted some users to question Microsoft’s decision to give network functionality to Notepad. Users argue that a simple text editor doesn’t need to be connected to the internet all the time. However, allowing Notepad to access the internet is mandatory for keeping the integration of Copilot in the text editor functional. Still, whether Copilot is necessary in Notepad is up for another debate.

     

    You can check the full patch notes on Microsoft’s security page.

     

    Source

    Hope you enjoyed this news post. Feedback welcome.

    Posted Thursday 12 February 2026 at 4:33 am AEST (my time).

    News posts: 2023 5,800+ | 2024 5,700+ | 2025 5,700+ | 2026 (to end of January) 461

    RIP Matrix

     Share
    Go to news

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

    ×

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...