this post was submitted on 11 Feb 2026

73 points (100.0% liked)

technology

24281 readers

235 users here now

On the road to fully automated luxury gay space communism.

Spreading Linux propaganda since 2020

Rules:

1. Obviously abide by the sitewide code of conduct. Bigotry will be met with an immediate ban
2. This community is about technology. Offtopic is permitted as long as it is kept in the comment sections
3. Although this is not /c/libre, FOSS related posting is tolerated, and even welcome in the case of effort posts
4. We believe technology should be liberating. As such, avoid promoting proprietary and/or bourgeois technology
5. Explanatory posts to correct the potential mistakes a comrade made in a post of their own are allowed, as long as they remain respectful
6. No crypto (Bitcoin, NFT, etc.) speculation, unless it is purely informative and not too cringe
7. Absolutely no tech bro shit. If you have a good opinion of Silicon Valley billionaires please manifest yourself so we can ban you.

founded 5 years ago

MODERATORS

context@hexbear.net

SexUnderSocialism@hexbear.net

gaycomputeruser@hexbear.net

Wakmrow@hexbear.net

SwitchyandWitchy@hexbear.net

Windows Notepad App Remote Code Execution Vulnerability (msrc.microsoft.com)

submitted 1 month ago by Enjoyer_of_Games@hexbear.net to c/technology@hexbear.net

22 comments fedilink hide all child comments

do not click on markdown

in notepad. It's ok to click on markdown here in your brower because I'm just letting you know not to click on markdown illegal-to-say

all 26 comments

sorted by: hot top controversial new old

[–] PorkrollPosadist@hexbear.net 30 points 1 month ago (2 children)

We may be laughing now, but Microslop is going to roll out 10-factor authentication on Shithub because of this.

[–] Enjoyer_of_Games@hexbear.net 27 points 1 month ago (1 children)

for security reasons your readme must be in docx format

[–] chgxvjh@hexbear.net 3 points 1 month ago* (last edited 1 month ago)

.DOCM None of that macro free bs

[–] Orbital@hexbear.net 5 points 1 month ago (3 children)

Shithub

What are good alternatives if any

[–] ourtimewillcome@hexbear.net 5 points 1 month ago

codeberg and gitlab come to mind

[–] chgxvjh@hexbear.net 4 points 1 month ago

Forgejo is really easy to operate if you already have a server.

Codeberg is a large public Forgejo instance.

There is also https://tangled.org/ which I've meant to look into for a while but never gotten around to. I think it's promising but it's still alpha software. Forgejo and Gitea before it have been around for almost 10 years altogether.

[–] gay_king_prince_charles@hexbear.net 30 points 1 month ago (1 children)

new CVE

Look inside

Its unsanitized text input

[–] MeetMeAtTheMovies@hexbear.net 12 points 1 month ago

dead-dove-3

[–] sexywheat@hexbear.net 17 points 1 month ago

So AI slop coding is going great!

[–] Le_Wokisme@hexbear.net 17 points 1 month ago (1 children)

win11 shitty notepad or all notepad?

[–] Soot@hexbear.net 3 points 1 month ago

The former. Classic notepad would never support clickable links

[–] P1d40n3@hexbear.net 15 points 1 month ago

The US has lost the AI race.

[–] NephewAlphaBravo@hexbear.net 15 points 1 month ago (1 children)

wtf version of notepad even lets you create clickable hyperlinks in the first place?

[–] chgxvjh@hexbear.net 10 points 1 month ago (2 children)

My main uses for notepad:

Second clipboard I can paste stuff into without worrying about consequences.

Paste formatted text into notepad and copy it immediately to strip away formatting.

[–] d_cagno@hexbear.net 3 points 1 month ago (1 children)

You can paste without formatting with ctrl + shift + V

[–] chgxvjh@hexbear.net 6 points 1 month ago

✨ sometimes ✨

[–] blobjim@hexbear.net 13 points 1 month ago* (last edited 1 month ago)

hilarious

or maybe it was just a backdoor that the wrong person noticed

The 3 people who reported it are:
Cristian Papa, Romanian in Romania,
Alasdair Gorniak, slav (?) in the UK,
Chen, Chinese person, https://x.com/chen9918b/status/2015688020356407548, "Chinese history and culture enthusiasts & market analysis"

its so over for the Amerikkkans. Can't even install remote code execution backdoors in peace.

[–] Soot@hexbear.net 8 points 1 month ago

The Windows Notepad app has a glaring vulnerability. It sends all your contained data to some Microsoft AI if you click the wrong button.

[–] InevitableSwing@hexbear.net 8 points 1 month ago

I'm not a tech guy so I don't know why I - cough - clicked the link. I assumed I wouldn't be able to understand anything. But after taking a ~10 second gander at the page I saw this and it made me laugh.

How could an attacker exploit this vulnerability?

An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files.