{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreigx6bjgandf4cur2qh2hp7gkkwjlowjrql77f7dggug37f4pv2nge",
    "uri": "at://did:plc:r27a2ibspnwlgbw66uqg22yv/app.bsky.feed.post/3mepncilwcth2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreidskdcheletbu7fnkj6kvbsoeurymaws4z6hhqka4bqk5vtawl3ka"
    },
    "mimeType": "image/png",
    "size": 3779
  },
  "path": "/story/26/02/12/2111243/windows-11-notepad-flaw-let-files-execute-silently-via-markdown-links?utm_source=rss1.0mainlinkanon&utm_medium=feed",
  "publishedAt": "2026-02-13T04:12:39.985Z",
  "site": "https://tech.slashdot.org",
  "tags": [
    "microsoft",
    "Read more of this story"
  ],
  "textContent": "Microsoft has patched a high-severity vulnerability in Windows 11's Notepad that allowed attackers to silently execute local or remote programs when a user clicked a specially crafted Markdown link, all without triggering any Windows security warning. The flaw, tracked as CVE-2026-20841 and fixed in the February 2026 Patch Tuesday update, stemmed from Notepad's relatively new Markdown support -- a feature Microsoft added after discontinuing WordPad and rewriting Notepad to serve as both a plain text and rich text editor. An attacker only needed to create a Markdown file containing file:// links pointing to executables or special URIs like ms-appinstaller://, and a Ctrl+click in Markdown mode would launch them. Microsoft's fix now displays a warning dialog for any link that doesn't use http:// or https://, though the company did not explain why it chose a prompt over blocking non-standard links entirely. Notepad updates automatically through the Microsoft Store.\n\n \n\nRead more of this story at Slashdot.",
  "title": "Windows 11 Notepad Flaw Let Files Execute Silently via Markdown Links",
  "updatedAt": "2026-02-13T03:45:00.000Z"
}