Microsoft has fixed a serious security vulnerability affecting Markdown files in Notepad. In the company’s Tuesday patch notes, Microsoft says a bad actor could carry out a remote code execution attack by tricking users « into clicking a malicious link inside a Markdown file opened in Notepad, » as reported earlier by The Register.
Clicking the link would « launch unverified protocols, » allowing attackers to remotely load and execute malicious files on a victim’s computer, according to the patch notes. Microsoft says there isn’t any evidence of attackers exploiting the Notepad vulnerability (CVE-2026-20841) in the wild, but it issued a fix for …
English 
French