Microsoft has fixed a serious security vulnerability affecting Markdown files in Notepad. A bad actor could carry out a remote code execution attack by tricking users into clicking on malicious links within a Markdown file opened in Notepad.
The flaw allows attackers to remotely load and execute malicious files on a victim’s computer when the link is clicked, according to the patch notes. However, there isn’t any evidence of attackers exploiting this vulnerability in the wild. Microsoft initially added support for Markdown to Notepad last May as part of its efforts to fill its operating system with new features.
This security issue affects Markdown users, including those who have updated to Windows 11 and are using the latest version of Notepad. The fix is now available, but it’s essential to update your software to protect against potential threats.
Source: https://www.theverge.com/tech/877295/microsoft-notepad-markdown-security-vulnerability-remote-code-execution