Critical vulnerability found in Windows Notepad

Yes, security researchers have discovered a zero-day vulnerability in the classic editor known as Notepad / notepad.exe . The program allows attackers to access the command line.

The vulnerability allows the command line to be called up directly via the editor with a small trick, which gives a potential attacker access to the computer. Opening a shell is commonly used as evidence in that an attacker could launch an external program that could give the attacker control of the system. That alone is often enough to cause considerable damage.

A security researcher from Google had made the vulnerability public on Twitter. Now it is Microsoft's turn to patch it, because after a 90 day grace period the background details of the bug will be published.

Due to this grace period of 90 days not much information about the vulnerability is known so far. But to be on the safe side, users should use one of the many good and better alternatives instead of the Notepad editor for now.

Replace Notepad with Notepad++

The tool Notepad Replacer allows you to easily replace Notepad. During the installation you choose a replacement from your installed programs, for example Notepad++ or another installed editor of your choice. After the installation, Notepad will be disabled and the new application will be opened at each startup instead.