Microsoft has fixed a major security issue in Windows 11’s Notepad tool. This security flaw allowed hackers to execute code on users' computers by tricking them into clicking on malicious links without any warning.
Notepad is a basic text editor that comes with Windows and is used to write quick notes, open text files, or create to-do lists. Microsoft recently updated Notepad in Windows 11 to add new features, including support for Markdown, a way to format text and add clickable links using simple symbols. Microsoft discontinued WordPad, another writing program that came with Windows, and instead added more features to Notepad so that it works as both a simple text editor and a formatting tool.

The security issue was connected to this Markdown feature. Hackers exploited the vulnerability to create specially crafted links that, when clicked, would execute code on a user's computer without Windows displaying its usual security alerts. However, Microsoft has now confirmed it has fixed this issue.
How Microsoft solved the Notepad ‘issue’ in Windows 11
As part of the February 2026 Patch Tuesday updates, Microsoft said it fixed a Notepad security flaw tracked as CVE-2026-20841 that could allow attackers to run code remotely.
In its latest security bulletin, Microsoft wrote, “Improper neutralisation of special elements used in a command ('command injection') in the Windows Notepad app allows an unauthorised attacker to execute code over a network.”

Microsoft credited the discovery to Cristian Papa, Alasdair Gorniak, and Chen, and said the flaw can be exploited by tricking a user into clicking a malicious Markdown link. "An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files," the company explained. “The malicious code would execute in the security context of the user who opened the Markdown file, giving the attacker the same permissions as that user,” Microsoft added.

Security researchers quickly figured out how the flaw worked and how easy it was to exploit. Someone could create a Markdown file, like test.md, and include file:// links that point to executable files or use special URIs like ms-appinstaller://. If a user opened this Markdown file in Windows 11 Notepad versions 11.2510 and earlier and viewed it in Markdown mode, the text would appear as a clickable link. If the link were clicked with Ctrl+click, the file would run automatically without Windows displaying a warning to the user. The program's execution without a warning is what Microsoft considers the remote code execution flaw.

This could have allowed hackers to create links to files on remote SMB shares, which would then be executed without warning.

According to a report by BleepingComputer, the latest tests show that Microsoft has fixed the Windows 11 Notepad flaw by displaying warnings when clicking a link that does not use the http:// or https:// protocol. Now, when clicking on other types of URI links, including file:, ms-settings:, ms-appinstaller:, mailto:, and ms-search:, Notepad will display a warning dialogue.

However, it's unclear why Microsoft didn't simply block non-standard links, since it is still possible to trick users into clicking the 'Yes' button in the prompts.

The good news is that Windows 11 will automatically update Notepad via the Microsoft Store, so the flaw will likely have limited impact beyond its novelty.
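As an added illustration (not code from the article, BleepingComputer or Microsoft), the following Python applies the rule the patched Notepad now uses, where http and https links pass quietly and every other scheme is flagged, to a constructed Markdown file, so a defender can triage .md attachments before anyone opens them. The sample text, the scheme lists and the executable-extension list are assumptions made for the example.

```python
# Added example: flag Markdown links whose scheme is anything other than
# http/https, the same distinction the patched Notepad's warning dialogue draws.
import re
from urllib.parse import urlsplit

# Schemes the article names as now triggering Notepad's warning (assumed list).
WARN_SCHEMES = {"file", "ms-settings", "ms-appinstaller", "mailto", "ms-search"}
SAFE_SCHEMES = {"http", "https"}
# Extensions worth calling out when a file: link points at them (assumed list).
EXEC_EXTS = (".exe", ".dll", ".msi", ".bat", ".cmd", ".ps1", ".scr")

# Inline links [text](target ...) and autolinks <scheme:target>.
LINK_RE = re.compile(
    r"\[[^\]]*\]\(\s*<?([^)\s>]+)>?[^)]*\)|<([a-zA-Z][\w+.-]*:[^>\s]+)>")


def classify(target: str) -> str:
    """Return 'safe', 'warn', 'relative' or 'unknown' for one link target."""
    scheme = urlsplit(target).scheme.lower()
    if scheme in SAFE_SCHEMES:
        return "safe"
    if scheme in WARN_SCHEMES:
        return "warn"
    return "relative" if not scheme else "unknown"  # unknown schemes still merit a look


def scan_markdown(text: str) -> list[dict]:
    """Report every link that is not a plain http(s) URL, with context for triage."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in LINK_RE.finditer(line):
            target = m.group(1) or m.group(2)
            verdict = classify(target)
            if verdict == "safe":
                continue
            parts = urlsplit(target)
            findings.append({
                "line": lineno, "target": target, "verdict": verdict,
                # file://host/share/... means a remote (SMB/UNC) share, not a local path
                "remote_share": parts.scheme.lower() == "file"
                and parts.netloc not in ("", "localhost"),
                "executable": parts.path.lower().endswith(EXEC_EXTS),
            })
    return findings


SAMPLE = """# Constructed sample .md, not a real file
[Docs](https://example.com/docs)
[Open tool](file://fileserver/share/tool.exe)
[Settings](ms-settings:display)
<ms-appinstaller://?source=https://example.com/app.msix>
[Local notes](file:///C:/Users/Public/notes.txt)
"""

if __name__ == "__main__":
    for f in scan_markdown(SAMPLE):
        print(f)
```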