CyberSecurityBoard
Sponsor Register Login

Notepad Hijacking Vulnerability Exposes Windows Users to Remote Code Execution

A critical vulnerability affecting the Notepad application on Windows has been discovered, allowing attackers to hijack the program and execute remote code. This security flaw poses significant risks to users, as it can be exploited to gain unauthorized access and control over affected systems. The vulnerability stems from improper handling of file associations and can be triggered by specially crafted files that, when opened, execute malicious payloads without user consent. Cybersecurity experts urge users and organizations to apply patches and updates promptly to mitigate potential attacks. This incident highlights the importance of vigilant software maintenance and the need for robust security practices in everyday applications. The discovery also serves as a reminder for developers to adhere to secure coding standards to prevent similar vulnerabilities in the future. Users are advised to remain cautious when opening files from untrusted sources and to employ comprehensive security solutions to detect and block exploitation attempts.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 29 Sep 2025 05:20:29 +0000


Cyber News related to Notepad Hijacking Vulnerability Exposes Windows Users to Remote Code Execution

Hands on with Windows 11 Notepad's new markdown support - While it's lightweight, and I can confirm Notepad doesn't use excessive CPU or memory at any point when formatting, you can always clear all formatting or turn off the feature from Settings. Notepad now lets you use markdown text formatting on ...
7 months ago Bleepingcomputer.com
Windows 11 Notepad gets a built-in character counter, finally - Microsoft keeps improving and adding more features to the Windows 11 Notepad application, the latest being a built-in character counter. Until now, users who needed a quick way to count characters in a text file have been forced to use third-party ...
2 years ago Bleepingcomputer.com
Notepad++ Input Validation Flaw Leads Search Path Vulnerability - Notepad++ has been discovered with an uncontrolled search path vulnerability, which could allow threat actors to search an untrusted search path. This vulnerability has been disclosed to Notepad++, and a patch has yet to be provided. Notepad++ is a ...
2 years ago Cybersecuritynews.com
Windows Notepad to get AI text summarization in Windows 11 - Microsoft is now testing an AI-powered text summarization feature in Notepad and a Snipping Tool "Draw & Hold" feature that helps draw perfect shapes. Today, it also added a "Draw & Hold" feature in Snipping Tool version 11.2502.18.0 to help ...
10 months ago Bleepingcomputer.com
Notepad gets free AI features on Copilot Plus PCs with Windows 11 - Microsoft has enhanced its Notepad application on Windows 11 PCs equipped with Copilot Plus by integrating free AI-powered features. This update aims to improve user productivity by leveraging artificial intelligence to assist with text editing and ...
4 months ago Bleepingcomputer.com
Attackers Can Bypass Windows Security Using New DLL Hijacking - Threat actors using the DLL Hijacking technique for persistence have been the order of the day and have been utilized in several attacks. This attack method allows bypassing the privilege requirement for executing certain malicious codes on the ...
2 years ago Cybersecuritynews.com
Windows 10 Extended Security Updates Promised for Small Businesses and Home Users - Already common for enterprises, for the first time, individuals will also get the option to pay for extended security updates for a Windows operating system that's out of support. Windows 10 will stop getting free updates, including security fixes, ...
2 years ago Techrepublic.com
Qilin Ransomware Leveraging MSPaint and Notepad to Evade Detection - The Qilin ransomware group has been observed using unconventional methods to evade detection and enhance their attack efficacy. Notably, they leverage common Windows tools such as MSPaint and Notepad during their ransomware campaigns. This tactic ...
3 months ago Cybersecuritynews.com Qilin ransomware group
Notepad Hijacking Vulnerability Exposes Windows Users to Remote Code Execution - A critical vulnerability affecting the Notepad application on Windows has been discovered, allowing attackers to hijack the program and execute remote code. This security flaw poses significant risks to users, as it can be exploited to gain ...
4 months ago Cybersecuritynews.com CVE-2023-38145
Side-by-Side with HelloJackHunter: Unveiling the Mysteries of WinSxS - As we know, Dynamic-link library(DLL) Side loading / DLL Hijacking is nothing new, nor is Windows Side-by-Side; however, side loading is handy from an adversarial tradecraft perspective, be it for establishing initial access, persistence, privilege ...
1 year ago Blog.zsec.uk Equation
Microsoft No Longer Selling Windows 10 Licenses Redirects to Windows 11 Product Pages - Marking an end to an era, Microsoft is no longer directly selling Windows 10 product keys on their website, instead redirecting users to Windows 11 product pages. This month, Microsoft began displaying an alert on their Windows 10 Home and Pro ...
3 years ago Bleepingcomputer.com
New DLL Search Order Hijacking Variant Evades Windows 10 and 11 Protections - Security researchers have outlined a fresh variant of a dynamic link library search order hijacking technique, potentially enabling threat actors to circumvent security measures and execute malicious code on computers running Microsoft Windows 10 and ...
2 years ago Cysecurity.news
Windows 11 24H2 now rolling out, here are the new features - Version 24H2 is now also accessible via Windows Server Update Services (including Configuration Manager), Windows Update for Business, and the Microsoft 365 admin center. Microsoft suggests that businesses start targeted rollouts to ensure ...
1 year ago Bleepingcomputer.com
Windows 11 to let admins mandate SMB encryption for outbound connections - Windows 11 will let admins mandate SMB client encryption for all outbound connections, starting with today's Windows 11 Insider Preview Build 25982 rolling out to Insiders in the Canary Channel. SMB encryption provides data end-to-end encryption and ...
2 years ago Bleepingcomputer.com
Microsoft unveils new AI agents that can modify Windows settings - Over the next few weeks, Microsoft will start rolling out more Windows 11 experiences for all Windows 11 Insiders, such as a phone companion for the Start menu, AI actions in File Explorer that will help edit images and summarize content, and a new ...
9 months ago Bleepingcomputer.com
New DLL Search Order Hijacking Technique Targets WinSxS Folder - A new DLL search order hijacking technique allows adversaries to load and execute malicious code in applications within Windows' WinSxS folder, incident response company Security Joes reports. Typically, DLL search order hijacking abuses applications ...
2 years ago Securityweek.com
New Stealthy Malware 'Waiting Thread Hijacking' Technique Bypasses Modern Defenses - Unlike traditional thread hijacking, which requires suspending and resuming threads using easily monitored APIs like SuspendThread and ResumeThread, WTH targets threads already in a waiting state, eliminating the need for suspicious thread ...
9 months ago Cybersecuritynews.com
Microsoft testing Windows 11 USB 80Gbps support, Copilot on login - Microsoft is now testing support for the USB4 Version 2.0 specification in Windows 11, enabling transfer speeds of up to 80 Gbps over USB Type-C cables. Also known as USB 80Gbps or USB4 Gen4 and announced in September 2022, this latest USB standard ...
2 years ago Bleepingcomputer.com
Microsoft to let Windows 10 home users buy Extended Security Updates - Microsoft says that all Windows 10 customers will be able to pay for three extra years of security updates through the company's Extended Security Updates program after the end of support date. After Windows 10 reaches the end of support on October ...
2 years ago Bleepingcomputer.com
Microsoft to let Windows 10 home users buy Extended Security Updates - Microsoft says that all Windows 10 customers will be able to pay for three extra years of security updates through the company's Extended Security Updates program after the end of support date. After Windows 10 reaches the end of support on October ...
2 years ago Bleepingcomputer.com
Windows Copilot autostart tests limited to 27" displays or larger - Microsoft says that tests of a controversial new Windows 11 feature that automatically opens the AI-powered Copilot assistant after Windows starts are limited to systems with 27-inch displays. For now, the option also requires enrolling in the ...
2 years ago Bleepingcomputer.com
Microsoft releases first Windows Server 2025 preview build - Microsoft has released Windows Server Insider Preview 26040, the first Windows Server 2025 build for admins enrolled in its Windows Insider program. This build is the first pushed for the next Windows Server Long-Term Servicing Channel Preview, which ...
2 years ago Bleepingcomputer.com
DNS Hijacking 101: How It Happens & What to Do to Prevent It | Akamai - DNS hijacking is a critical cybersecurity threat where attackers redirect users from legitimate websites to malicious ones by compromising the Domain Name System (DNS). This blog post explores the mechanisms behind DNS hijacking, including common ...
4 months ago Akamai.com
Microsoft pushes fix for Windows 11 update 0x80240069 errors - ​Microsoft has fixed a known issue preventing Windows 11 24H2 feature updates from being delivered via Windows Server Update Services (WSUS) after installing the April 2025 security updates. "Devices which have installed the April Windows ...
9 months ago Bleepingcomputer.com

Latest Cyber News


    Cyber Trends (last 7 days)


    Trending Cyber News (last 7 days)