AI-connected changes to Notepad—certain, that Notepad—allowed attackers to end arbitrary code for your computer. The vulnerability became as soon as connected to Markdown support, which became as soon as added final year. Markdown is an easy draw to add formatting, together with hyperlinks, to plaintext documents—and hyperlinks had been the provide of the vulnerability.
“An attacker could well trick a particular person into clicking a malicious hyperlink inner a Markdown file opened in Notepad, causing the application to originate unverified protocols that load and end a long way flung files,” in accordance with the security response survey.
Markdown has long been smartly-liked in definite substances of the on-line—anyone who infrequently feedback on Reddit or chats the utilization of Discord is doubtless no longer no longer as a lot as a chunk conscious of it. Nonetheless the markup language has changed into worthy more vital within the age of AI—most documents are converted to easy text Markdown files to prepare gadgets.
Microsoft is patching more bugs than ever in Windows 11
Markdown support became as soon as added around the same time Copilot became as soon as constructed-in into Notepad, as fragment of a broader push to add AI to every nook of the working system. And there is an argument to be made that every one these AI additions are adding as a lot as unusual vulnerabilities. Microsoft patched 1,129 bugs in 2025 in accordance with Krebs on Security, a prominent cybersecurity blog. That is an 11.9% lengthen over the outdated year, which became as soon as already strangely excessive. Microsoft itself admits that AI brokers will originate up unusual vulnerabilities, even because the firm adds them to Windows.
Right here's all to divulge that inserting in security updates is doubtless more vital now than ever. Sure, which you might want to to disable all AI substances in Windows, but that is no longer going to guard you from all the unusual vulnerabilities—inserting in Linux could, despite the indisputable truth that.
The option to patch this Notepad vulnerability
Credit score: Justin Pot
Thankfully for Windows users, this vulnerability became as soon as mounted in Microsoft's February 2026 security replace. To search out out for these who could fair contain got installed it, originate the Settings app, head to “Windows Update,” then test if an replace labeled “2026-02 Security Update” is waiting to be installed. If that is the case, click the “Restart Now” button to set up the replace.
