As reported by Bleeping Computer, Microsoft has addressed a critical remote code execution vulnerability in Windows 11's Notepad application. This flaw allowed attackers to trick users into clicking specially crafted Markdown links, leading to the execution of local or remote programs without triggering standard Windows security warnings.The vulnerability, tracked as CVE-2026-20841, was discovered by Cristian Papa, Alasdair Gorniak, and Chen. Attackers could exploit this by creating a Markdown file with malicious links, such as those using "file://" or "ms-appinstaller://" protocols. When a user opened this file in specific versions of Notepad and performed a Ctrl+click on the link, it would execute a remote file within the user's security context. This bypasses typical security prompts, making it a significant risk for executing unauthorized code.Microsoft's fix involves displaying a warning prompt when users attempt to click on non-HTTP/HTTPS links in Notepad. While this mitigates the direct execution without warning, it still relies on user interaction to confirm the action, leaving room for social engineering. The automatic update mechanism for Notepad via the Microsoft Store ensures that most Windows 11 users will receive the patch, limiting the long-term impact of this particular vulnerability.Source: Bleeping Computer
Vulnerability Management, Patch/Configuration Management
Microsoft patches critical Notepad vulnerability allowing code execution

(Adobe Stock)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds


