In 2014, Google employed a group of hackers and developers to ensure systems aren’t threatened by external vulnerabilities. Perhaps they have one of the most important jobs, given the number of online security threats that surround us. Recently, they found a big threat in the most peculiar place in Windows. The modest and often ignored program, Notepad, is the program under fire this time around.
According to an article by MSPOWERUSER, who quote references from threatpost. According to the article, a developer, Tavis Ormandy, noticed a flaw in the Notepad security system. There is a memory corruption file which allows the user to use the app in such a way as to offer full access into the system. While it is not a direct entry into the system, it follows an initial entry point into the bigger picture. The developer shared it in a tweet, it is posted as a screenshot below.
People have mixed feelings about this. The original article supports the claim that this is quite exciting and alarming at the same time. While it would take the hacker to make the user open up the notepad file on their PC, it is not entirely impossible. After all, these are hackers and they would go to amazing lengths to get what they want. While on the other hand, Tavis and other developers have given Microsoft 90 days or so to fix the bug. They believe it is a major loophole that should be catered to as soon as possible.
Anyway, this is the latest news there is about the matter. More details have not been revealed, probably Microsoft wanted to bury the matter. Perhaps, we’d see a minor, security-centric update by Microsoft for Windows to cater to the matter.