What happens when you slopcode a bunch of bloat to your basic text editor? Well, you add a remote code execution vulnerability to notepad.exe.
Improper neutralization of special elements used in a command (‘command injection’) in Windows Notepad App allows an unauthorized attacker to execute code over a network.
[…]An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files.
↫ CVE-2026-20841
I don’t know how many more obvious examples one needs to understand that Microsoft simply does not care, in any way, shape, or form, about Windows. A lot of people seem very hesitant to accept that with even LinkedIn generating more revenue for Microsoft than Windows, the writing is on the wall.
Anyway, the fix has been released through the Microsoft Store.
“Microsoft simply does not care, in any way, shape, or form, about Windows”
Why is this? What future for Windows are they envisioning? It’s puzzling.
Just a gateway to Ai at this point.
To be fair…
They did not open up a port to the Internet.
They tried to add Markdown support, which used unsanitized URL parsing.
It is still an issue, but it is just not “breakdown of old reliable system”.
(Now one can ask “why do we want Markdown on Notepad”? That is a valid discussion. But it would be too long to go in here)
I have normally treated Notepad sort of like a safe area to look at and edit files. yes, I could create files and scripts that could be harmful, but editing them in Notepad was not.
Not anymore.
That said, I only ever use Windows Notepad on other people’s machines, because there are better tools on mine.
On my work computer I noticed that Copilot has now been added to Notepad. How could I ever live without it?
If your IT department allows you to install such utilities, ShutUp10 now has a tab specifically for disabling Copilot and Recall garbage. And despite the name, the utility fully supports Windows 11 as well. If they don’t allow you to install it, you should ask them to disable Copilot via Group Policy. Copilot and Recall are vectors for leaking sensitive company and client information and any sensible business will make it a policy to not allow them on their machines.
https://www.oo-software.com/en/shutup10