Things started to go downhill when it stopped being a .exe in System32 and started being distributed through the MS Store. They've escalated from spell check and tabs to full rich text formatting (remember WordPad?) and Copilot. But this vulnerability stems from links in Markdown documents, so I guess they're well on their way to embedding most of a web browser as they rediscover all the security implications.
You can uninstall the AI-RCE version of Notepad from Apps - Settings to revert to the stock version.
Giveth the state of things lately, I'm anxiously waiting for someone to confirm that the latest OS updates have removed this ability..
> Windows Notepad App Remote Code Execution Vulnerability
> Max Severity: Important
ROTFL. Can Microsoft get any lower than this ? "Yes they can"™
it is bizarre that a notepad app can have remote code execution. how much unnecessary function did MS add to get to this point?
Things started to go downhill when it stopped being a .exe in System32 and started being distributed through the MS Store. They've escalated from spell check and tabs to full rich text formatting (remember WordPad?) and Copilot. But this vulnerability stems from links in Markdown documents, so I guess they're well on their way to embedding most of a web browser as they rediscover all the security implications.