XPost: comp.os.linux.advocacy   
   From: winstonmvp@gmail.com   
      
   On 2/15/2026 5:36 AM, CrudeSausage wrote:   
   >    
   >   
   > Windows Notepad.exe Now Has Remote Code Execution Vulnerability   
   > First Notepad++ gets hijacked by Chinese hackers, now Notepad.exe gets a   
   > "Severe" CVE. Apparently editing a plain text file is the most dangerous   
   > thing you can do on Windows.   
   >   
      
   Fyi...the link's opening statement with respective Notepade++ is off the   
   mark.   
     "First Notepad++ gets hijacked by Chinese hackers"   
      
   Notepad++ wasn't hijacked.   
   The source code of Notepad++ has not been compromised.   
   The attacker was doing a man-in-the-middle attack on the network of the   
   hosting provider. The threat actor compromised the (previous) hosting   
   provider.   
   NP++ has since changed its hosting provider which resolves the issue.   
      
   Concerned users can always just update to the latest version(V8.9.1 or   
   later) which includes the code changes to use the new hosting provider.   
      
      
   Paul covered background on MSFT's Notepad.exe.   
     => the Feb. 2026 monthly update resolved the remote code execution   
   problem.   
     => Fix in place and prior to any exploits of Notepad.exe   
      
   Note: The latest version of MSFT's Notepad is updated via the MSFT   
   Store, not Windows.   
      
   --   
   ...w¡ñ§±¤ñ   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)