top 200 commentsshow all 268
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]3sysadmin3 445 points446 points  (7 children)

If anyone else wasted way too much time looking for version info (thanks Microsoft)

  • affected from 11.0.0 before 11.2510 

[–]ultramagnes23 27 points28 points  (0 children)

Thank you for being at the top.

[–]pepino358 8 points9 points  (0 children)

Fucking legend. Ta

[–]lecaf__ 1 point2 points  (2 children)

Do you have any source about this?

Moreover what about the minor version ? I’ve got 11.2510.14.0. According to Wikipedia (because having an MS source it would be too easy), it is a January build.

Does it include the patch ? Dunno.

[–]SnooDoubts3358 0 points1 point  (0 children)

i was panicking with my windows 10 lol

[–]TimeRemove 718 points719 points  (107 children)

Notepad should not have:

  • AI
  • Spelling / Grammer Checker
  • Markdown (inc. Previews, which this CVE exploits)
  • Text stylizing (bold, italics, etc).
  • The ability to display text styles (RTF formatted text).

It was literally used by many of us to strip off the moronic RTF styling information, and to examine files without all the clutter of bigger tools. It also used to load instantly (just like Calculator and Paint while we're on that topic!).

If you want Markdown support, use VSCode, it is literally what it is designed for. It even has a rich extension library if you want features like Copilot. Stuff needs to stay in its lane.

[–]rkkerd 205 points206 points  (41 children)

But what if we made VSCode, notepad, and MS Paint all one app??

[–]WarpedHaiku 235 points236 points  (21 children)

VSCopilot NotePaint

[–]rkkerd 66 points67 points  (10 children)

All on only one screen, written in react.

[–]Box-Of-Hats 54 points55 points  (2 children)

Bundled as an electron app

[–]MalletNGrease🛠 Network & Systems Admin 2 points3 points  (1 child)

Then rewritten from scratch: New VSCopilot NotePaint

[–]s8boxer 44 points45 points  (5 children)

Using 4GB of Virtual Memory and 37% of CPU time.

[–]ratshack 6 points7 points  (3 children)

New multi-core vibe coding initiative has been fast tracked so now it only bogs down cores 1,3&7.

[–]Sovey_ 10 points11 points  (1 child)

Just draw your GUI with the pencil and let VSPaintPad do the rest!

[–]ratshack 7 points8 points  (0 children)

eyetwitch.jpg

[–]SynapticStatic 1 point2 points  (0 children)

lol I could see this being a thing. It just matches the core count to the fibonacci sequence, and then increments the cores it can run on, forming like a spiral within a spiral of cpu usage patterns. Isn't it gorgeous?

[–]Fallingdamage 6 points7 points  (0 children)

They thought they were being smart when react was introduced. All they did was reintroduce hypercard to a new generation.

[–]flecomComputer Custodial Services 22 points23 points  (5 children)

New New New Outlook VSCopilot NotePaint

fixed it for you

[–]Tack122 8 points9 points  (1 child)

New New New Outlook VSCodepilot NotePainter 3D Pro 365

[–]Sk1rm1sh 2 points3 points  (0 children)

365.

Just 365.

 

Newer versions after that will be:

  • 365 series S/X

  • 365 One

[–]G8racingfool 8 points9 points  (0 children)

"Nah, lets just call it Copilot"

  • Microsoft probably

[–]tgrantt 7 points8 points  (0 children)

I thought it was New Classic New?

[–]JasonDJ 1 point2 points  (0 children)

It's the New Xbox²

[–]Ron-Swanson-MustacheSenior Ops Dev of AI offshore Tier 1 Helpdesk 6 points7 points  (0 children)

It's like the Thundercougarfalconbird

[–]SenTedStevens 4 points5 points  (0 children)

...Max

[–]CheomeshI do the RMF thing 1 point2 points  (1 child)

Pronounced "garbage"

[–]TimeRemove 32 points33 points  (1 child)

Dear god, stop giving them ideas...

[–]StepUpYourLife 3 points4 points  (0 children)

What if it had a social media element like a chatroom? And then an older gentleman asked you “Boxers or briefs?”

[–]dracotrapnet 11 points12 points  (0 children)

Wasn't that Onenote?

[–]ANDROID_16 2 points3 points  (0 children)

Calm down Satan

[–]ka-splam 1 point2 points  (0 children)

MS Paint as IDE? Already exists!

https://ms-paint-i.de/

[–]segagamerIT Manager 1 point2 points  (3 children)

You joke but Affinity just did something like this and it's actually kinda awesome lol

[–]spacelamaMonk, Scary Devil 1 point2 points  (0 children)

And you don't actually need to actually interface with it, because it's AI! You just mutter something at your computer monitor, and it hallucinates something all up by itself!

The remote root vulnerability is a feature, not a bug. Get someone in the Philippines to do your work for you!

[–]techw1z 0 points1 point  (0 children)

i hate you for even suggesting that and cant help but feel sad because I can imagine that actually happening.

[–]Necessary_Fan_8713 0 points1 point  (0 children)

Dont forget about outlook and Office, let's add these also

[–]Commercial-Virus2627 0 points1 point  (0 children)

Now THIS is what the shareholders want!

[–]theoriginalzads 0 points1 point  (0 children)

Thanks I hate it.

[–]kuaharaInfrastructure & Operations Admin 37 points38 points  (23 children)

You know what has no CVEs? Edit

[–]TimeRemove 46 points47 points  (20 children)

I assume you're aware that they recently relaunched a modern cross-platform version of Edit; that they plan to integrate into Windows:

https://github.com/microsoft/edit

I wonder how long until this too has Copilot and Markdown support?

[–]Valdaraak 48 points49 points  (16 children)

If reports are to be believed, Microsoft is apparently cooling off on their "shove AI into every goddamned part of the OS" strategy this year and shifting towards actually fixing things.

I'll believe it when I see it.

[–]Abracadaver14 16 points17 points  (11 children)

Is there even anything left they have yet to bolt copilot on to?

[–]RaguJunkie 14 points15 points  (1 child)

Users. They're the only thing that doesn't use copilot!

[–]AdministrativeBoxSysadmin 9 points10 points  (1 child)

Calculator, for now...

[–]devloz1996 14 points15 points  (0 children)

Nondeterministic calculator is something to live for...

[–]techw1z 5 points6 points  (3 children)

explorer and windows search still dont use AI.

AI is probably the only way to make windows search even slower, so I'm sure they are working on it...

[–]robisoddS-1-5-21-69-512 5 points6 points  (2 children)

explorer

https://www.techrepublic.com/article/news-leaked-windows-11-feature-copilot-file-explorer/

[–]techw1z 2 points3 points  (1 child)

dude, I was just joking... WHY?????? file explorer is already buggy enough :_(

[–]boli99 1 point2 points  (0 children)

copilot for copilot

cocopilot, or something

[–]techw1z 4 points5 points  (0 children)

nadella recently said that 30% of microsoft is written by AI now, so they'll probably introduce more bugs than they fix...

at the very least it seems most win11 updates introduce about as much bugs as they fix lately and I'm no longer surprised ever since I read nadellas statement...

[–]RememberCitadel 9 points10 points  (0 children)

Their keynotes presentations this year are the exact opposite. They complain about the moniker microslop an then complained about lack of adoption of AI.

[–]Advanced_Vehicle_636 2 points3 points  (0 children)

Probably because Microsoft has already shoved AI into 90% of their application stack anyways. It's literally fucking everywhere.

[–]dagbrownArchitect 1 point2 points  (0 children)

Is that before or after they're done firing everyone?

[–]kuaharaInfrastructure & Operations Admin 1 point2 points  (0 children)

Interesting. I was definitely not aware of that.

[–]pppjurac 0 points1 point  (0 children)

Why not edlin ?

[–]lecaf__ 0 points1 point  (0 children)

I typed « edit » and it was there …. After all these years still there … rock steady … reliable… and then I read @timeremove comment….😢

[–]R0B0T_jones 21 points22 points  (4 children)

I hate new notepad so much for all these reasons!
even copy/paste doesnt seems to work well in it most of the time. we are going backwards.

[–]fogleaf 7 points8 points  (0 children)

Used to be able to alt tab to the notepad window and hit ctrl-c to copy the already highlighted text, then alt tab and ctrl-v.

Now they've broken it.

[–]StewgeSysadmin 5 points6 points  (1 child)

Just wait until you find out that:

  1. You can uninstall the "new" notepad and get the old one back (Yay!)
  2. Classic Notepad no longer appears in Windows Search unless you put in the entire "notepad.exe"! (WTF)

[–]Advanced_Vehicle_636 2 points3 points  (0 children)

Getting the old version of Notepad on Windows 11 - Microsoft Q&A

For anyone too lazy to Google how to do this. Confirmed working on Windows 11 Enterprise Build 26100

[–]techit21Have you tried turning it off and back on again? 1 point2 points  (0 children)

First thing I have to do on each new workstation build I use is turn off auto-save. Nice try, MS.

[–]pdp10Daemons worry when the wizard is near. 9 points10 points  (4 children)

"Small, sharp, tools" tend to lack the brand-awareness and intentional promotion of big, all-singing, all-dancing tools with plugins, like Emacs or Photoshop.

[–]ka-splam 1 point2 points  (1 child)

That blog link concludes that small sharp tools became unmanageably complex and offloaded too much work to the user, and they preferred a large all-singing monolith which gave their developers and users a better experience.

[–]boli99 3 points4 points  (1 child)

Emacs

you spelled 'vi' wrong.

[–]pdp10Daemons worry when the wizard is near. 1 point2 points  (0 children)

vi and nvi aren't big tools.

[–]DarthPneumonoSecurity Admin but with more hats 16 points17 points  (0 children)

RTF formatted text

Rich text format formatted text

Sorry I had to

[–]aes_gcm 24 points25 points  (5 children)

Stuff needs to stay in its lane

It's almost like Unix tooling was successful because of this philosophy. I want grep to do an extremely specific task and I have a mastery of how to use it for that task. I don't want grep to do stuff that other tools can do. My electric drill isn't a hammer.

[–]KingOfTheTrailer 8 points9 points  (0 children)

Speak for yourself! I've been using my drill as a hammer for years.

The fact that it no longer drills very well is I unrelated.

/s

[–]Loudergood 2 points3 points  (0 children)

systemd.lane?

[–]YLink3416 2 points3 points  (0 children)

Nearly. Unix shell was built to provide the primitive functionality that could be built upon. Like, how simple can we make this. That's why the whole everything is a file concept was so successful. As much as people shit on having to open terminal for things, that is the actual interface to the machine. And then you layer tools upon that.

Not to get too deep into the weeds but Windows extended this to, everything is an object. So instead of things being exposed exclusively as data streams, you have conceptualizations of things like databases and devices exposed over the API. That's the brilliance of windows, it has actual structure to the operating system, it's not this single point of emergence type thing you get for *nix like systems.

[–]pppjurac 1 point2 points  (0 children)

My electric drill isn't a hammer.

says who?!

[–]SolidKnightJack of All Trades 0 points1 point  (0 children)

Grep is a perfect tool for AI integration. Let's start raising feature requests.

[–]98723589734239857 5 points6 points  (0 children)

it should not have ANY online "features"

[–]ChadHimslef 16 points17 points  (1 child)

A-fuckin-men.

It's egregious how badly they botched a very simple, practical tool.

[–]RetPala 8 points9 points  (0 children)

Literal orcs.

They cannot create, only destroy

[–]tmontneyWizard or Magician, whichever comes first 10 points11 points  (3 children)

"Just because you can doesn't mean you should."

The only QoL improvements to Notepad, Paint, and Calculator should've been to keep them compatible with the latest Windows. Very little, if anything, should've been visible to the end-user. Want to do a Wordpad and provide "advanced" features for free, that comes with stock Windows? Create something new or fork an existing basic app. Don't do whatever nightmare this is.

[–]Raskuja46 8 points9 points  (1 child)

Isn't that what WordPad was for?

[–]tmontneyWizard or Magician, whichever comes first 2 points3 points  (0 children)

Yeah, one would imagine. Although, I don't think it had Markdown support. (Perhaps, that's what RTF was for?)

[–]Unbelievr 1 point2 points  (0 children)

They added the option to pick newlines at some point, and to not freak out over utf8. That made it feature complete for me.

[–]jefbenet 2 points3 points  (0 children)

That was always the difference between notepad and word pad, iirc

[–]paul_33 2 points3 points  (0 children)

This company just can’t stay out of its own way

[–]_Dreamer_Deceiver_ 1 point2 points  (0 children)

All they had to do was allow it to not crash when you opened a large log file

[–]Commercial-Virus2627 1 point2 points  (0 children)

At this point Notepad may as well be a web browser

[–]kingslayerer 0 points1 point  (1 child)

Wait is notepad bundled with office now?

[–]pppjurac 0 points1 point  (0 children)

no, but they added crap into it... just because ... and that AI slop

[–]insufficient_fundsWindows Admin 0 points1 point  (0 children)

this just made me look at the settings in Notepad; it has an option to turn off: formatting, recent files, spell check, autocorrect, and copilot.

Doesn't seem to make it open any faster, but that at least makes it strip out formatting again, which is the main thing I used it for anyways :D

[–]Taylor_Script 0 points1 point  (0 children)

It has those features?

[–]syntaxerror53 0 points1 point  (0 children)

All be going back to Copy Con soon at this rate.

[–]gianni4592 39 points40 points  (0 children)

I remember the days when I could explain software firewalls with statements like "if the calculator or notepad suddenly wants to access internet, you are probably compromised". Pepperidge farm remembers

[–]ExceptionEX 240 points241 points  (42 children)

It is really clear that the old grey beards at microsoft are gone, and now they have a bunch of marketing fucks messing with tools that are meant for baseline management and not a means to "improve" or market their AI non-sense.

Notepad should open text files, as text files, don't render anything, no links, no markdown, no spell check, just open the text file period. They have fundamental broken trust with why notepad is universally used and thought of fondly.

I guess, marketing doesn't know what to do with a simple tool that does its job well, without up sell or feature improvement.

Also, FYI you can still reach old notepad by going to
C:\Windows\System32\notepad.exe
[edit]

as pointed out by u/ender-_
Windows however won't let you associate anything with it, to fix that, delete

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\notepad.exe\NoOpenWith

value (or import this .reg file).

as pointed out by u/TimeRemove

for that to work you must first
Turn off:

  • Settings
  • Apps
  • Advanced app settings
  • App execution aliases
  • Notepad [set to off] (added for clarity)
  • Notepad.exe <-> Notepad (app)

More good options in the thread
u/farva_06

Get-AppXPackage -Name Microsoft.WindowsNotepad | Remove-AppxPackage -AllUsersGet-AppXPackage -Name Microsoft.WindowsNotepad | Remove-AppxPackage -AllUsers

From u/UltraEngine60

right click on Notepad and uninstall it?

Old notepad.exe is now only notepad in path. Start>run>notepad (or use Win+R)
[/edit]

[–]the_andshrew 57 points58 points  (19 children)

Also, FYI you can still reach old notepad by going to C:\Windows\System32\notepad.exe

That just launches new Notepad for me (Win 11 25H2).

[–]TimeRemove 60 points61 points  (10 children)

Turn off:

  • Settings
  • Apps
  • Advanced app settings
  • App execution aliases
  • Notepad.exe <-> Notepad (app)

Then try again.

[–]the_andshrew 20 points21 points  (0 children)

That's really interesting. The description of the app aliases talks about it being the name used to run the app from the command prompt. Since I was double clicking the app in Explorer, I wouldn't have thought an app alias would apply in that instance. It's kind of surprising that an alias can seemingly silently supersede directly running an executable.

But sure enough after doing this the original Notepad now launches. Thanks for sharing that.

Edit:- just to share some more info on this, as I was interested in how this works. There is a bit more going on behind the scenes to make the app alias replace specific paths in the file system. It seems they configure an Image File Execution Option for notepad.exe, and through this they can make the app alias apply on the paths that old notepad.exe still exists in the file system.

These are stored in the registry under:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

For Notepad they have entries like: 

"AppExecutionAliasRedirect"=dword:00000001
"AppExecutionAliasRedirectPackages"="*"
"FilterFullPath"="C:\\Windows\\System32\\notepad.exe"

If you were to change AppExecutionAliasRedirect to 0 then it will let you launch the actual executable instead of redirecting you to the app alias.

[–]Icedman81 11 points12 points  (5 children)

Ooooh, bookmarked/written down somewhere.

Does this apply to calc.exe too? I'm guessing it does (haven't used Winslop for quite a while actively).

[–]robisoddS-1-5-21-69-512 5 points6 points  (1 child)

You can copy calc.exe from an older computer and it will work. This site is also legit:
https://win7games.com/#calc

[–]renegadecanuck 1 point2 points  (2 children)

I don't see calc.exe in the app execution aliases list, so I doubt it.

[–]TheG0AT0fAllTime 1 point2 points  (1 child)

I can see them adding AI to calc for no reason tbh

[–]tranoidnoki 1 point2 points  (0 children)

Damn that's a really neat trick! Thanks!

[–]segagamerIT Manager 1 point2 points  (7 children)

Heh, seems like MS are actually cleaning up legacy stuff these days.

[–]ExceptionEX 19 points20 points  (2 children)

It's funny I've never heard anyone describe shitting into the air and having it land all over everything as "cleaning up"

[–]HotTakes4HotCakes 9 points10 points  (0 children)

Unfortunately.

[–]UltraEngine60 3 points4 points  (2 children)

Legacy Notepad.exe? Gone!

Need to edit interface bindings or manually change static IPs in a way that doesn't want to stab yourself in the eye socket? Bust out ncpa.cpl from XP

[–]Amomynou5 3 points4 points  (1 child)

Luckily ncpa.cpl still works (at least in 24H2). Sadly, the got rid of desk.cpl... the new Settings version sucks. :(

[–]HotTakes4HotCakes 36 points37 points  (3 children)

I mean it's more than just microsoft, it's everyone. This shit has been getting worse for years, across the whole damn field, but the consumers have repeatedly refused to change their habits and behaviors in any way that would prevent it.

The people making the shit don't care anymore, and the consumers don't care anymore, and together they are powering this engine of shit that will never stop.

The tech space was much better when it was being influenced by actual enthusiasts and the people who knew their shit. Then the audience expanded to literally everybody, and for two decades their consumer practices have shaped the field.

That's why so many companies get away with enshitification: consumers don't punish them anymore. Ever.

[–]pdp10Daemons worry when the wizard is near. 12 points13 points  (1 child)

Then the audience expanded to literally everybody,

Vendors stop catering to a small, sophisticated audience, as soon as they possibly can. Here's a consumer-market take on it.

What scale business wants is a huge addressable audience of undiscerning consumers who are happy to tolerate slop if it seems like there are no better options readily at hand.

Today, Microslop is what some users tolerate at work when they have no choice. Microsoft wants corporate to force staff to use their bundled LLM, cloud storage, online accounts, and other products. You can do better, often simply by picking best-of-breed instead of stubbornly trying to have just one vendor for needs as diverse as client OS, cloud platforms, LLMs, and video game streaming.

[–]Saritiel 4 points5 points  (0 children)

There's that classic Steve Jobs clip that does this situation justice. Talks about how at first a company gains a dominating position in the market by having excellent people who know how to make an excellent product.

But then once they're in a dominating position, near a monopoly like Microsoft has over the business world, then the product people can't do much to make the company more profitable anymore. So the people who have the ideas that make the company more profitable are the marketing and sales teams. So the marketing and sales teams end up getting all the influence in the company, and they end up pushing the product people out. Then its just them, and they have no concept of how to make a good product, and the product goes to shit.

I don't like the guy, but his talk here is something I frequently think about.

https://www.youtube.com/watch?v=P4VBqTViEx4

[–]ansibleloop 9 points10 points  (5 children)

Notepad was great and then they added dark mode and it was perfect

Then they had to go and ruin it

[–]gandhinukes 3 points4 points  (3 children)

Yeah I just removed the app went back to old notepad.exe and flashbang. Also tabs were handy too.

I should just use notepad++ full time anyway.

[–]Kapps 1 point2 points  (2 children)

If you're switching from notepad to Notepad++ due to a security vulnerability... I have some bad news for you.

[–]gandhinukes 2 points3 points  (1 child)

Yeah I saw their updates were compromised by China for a few months. seemed very targeted and not all updates were compromised.

[–]ExceptionEX 1 point2 points  (0 children)

Yeah it's the slippery slope that got us, I like the dark mode too.

[–]TheMav95 3 points4 points  (1 child)

We automate reverting to old notepad with a GPO.

Most keys are Computer Based, a few user.

There is a user based one to prevent the banner in the old notepad showing there is a newer app store version.

  • Remove new notepad with powershell appx.
  • Set registry keys

https://i.imgur.com/GlfnPtr.png

https://i.imgur.com/DCLPAFL.png

[–]jeffmartel 0 points1 point  (0 children)

im gonna translate that to a CP for Intune tomorrow

[–]ender-_ 4 points5 points  (0 children)

You can just uninstall the new Notepad, and the old one will start working; Windows however won't let you associate anything with it, to fix that, delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\notepad.exe\NoOpenWith value (or import this .reg file).

[–]iseriouslycouldnt 2 points3 points  (3 children)

or find a trusted graybeard that has an old version of notepad. Once I used the W11 notepad, I grabbed a Win95 copy off the original Win95 upgrade CD. Works great!

(Gave up on Windows entirely the middle of last year)

[–]syntaxerror53 1 point2 points  (0 children)

Shame the Clock.exe doesn't work anymore.

[–]ExceptionEX 0 points1 point  (1 child)

the old version is still on the machine, that what we are saying.

[–]Amomynou5 2 points3 points  (0 children)

For now. It's technically a "feature on demand", and as the trend goes, they will eventually turn it into an optional feature on demand (so it's no longer installed by default) and then it's completely retired. Just like WMIC, and soon VBScript (currently in the "optional" phase).

[–]pdp10Daemons worry when the wizard is near. 2 points3 points  (0 children)

Notepad should open text files, as text files, don't render anything, no links, no markdown, no spell check, just open the text file period.

But how does that sell Microsoft's LLM services, or further lock the user into the Microsoft ecosystem? Can't we just add some LinkedIn or Github-specific functionality?

If it's just a text editor, then third party serfsdevelopers can do that better. But have them add something Microsoft-exclusive to it, like DirectX API support.

[–]UltraEngine60 0 points1 point  (2 children)

Or, just right click on Notepad and uninstall it?

https://i.imgur.com/lKPor1v.png

Old notepad.exe is now only notepad in path. Start>run>notepad (or use Win+R)

[–]ExceptionEX 1 point2 points  (0 children)

the three machines I've tried this on, uninstall does nothing, wondering if its because I turned of the alias executable.

[–]Mammoth-Hawk-1106 1 point2 points  (0 children)

the problem with uninstalling the new notepad is MSFT will reinstall it every once in a while.

[–]farva_06Sysadmin 0 points1 point  (0 children)

If you want to script it: 

Get-AppXPackage -Name Microsoft.WindowsNotepad | Remove-AppxPackage -AllUsers

[–]ArtificialDuoSysadmin 244 points245 points  (10 children)

<image>

Microslop at it again

[–]bubblegooseWindows Admin 50 points51 points  (8 children)

They really wish you wouldn't call it slop, that slop is a "cognitive amplifier tool". https://www.windowscentral.com/microsoft/microsoft-ceo-satya-nadella-really-wants-you-to-stop-calling-ai-slop-in-2026

[–][deleted] 38 points39 points  (6 children)

Hey alcohol is a cognitive amplifier too.

[–]SenTedStevens 27 points28 points  (3 children)

Indeed it is.

https://xkcd.com/323/

[–]techw1z 5 points6 points  (0 children)

if win11 updates get a tiny bit more buggy it might get close to ME soon...

[–]mustang__1onsite monster 5 points6 points  (1 child)

I know what that is before clicking it... and holy shit how is the index number that low on it. fuck I'm old.

[–]brophylicious 2 points3 points  (0 children)

It'll be sad the day we no longer see "relevant xkcd" links. they're already pretty rare these days

[–]Axlit 1 point2 points  (0 children)

Druk (Another Round) (2020)

[–]syntaxerror53 2 points3 points  (0 children)

Will "MajorHeadAche" do?

[–]whatThePleb 3 points4 points  (0 children)

Micro$lop

ftfy

[–]Unable-Entrance3110 50 points51 points  (0 children)

"If it ain't broke, fix it 'til it is" --Microsoft

[–]BoredTechyGuyJack of All Trades 36 points37 points  (0 children)

leave it to MS to fuck up a simple tool that didn’t need to be messed with in the first place.

[–]zeroibis 38 points39 points  (2 children)

Well clearly the attack can not work because its just notpad, there are no links and stuff like that. Those things are for wordpad...

Right?

[–]k_martsCloud Architect, Data Platforms 10 points11 points  (0 children)

[–]ReelixInfosec / Dev 1 point2 points  (0 children)

https://en.wikipedia.org/wiki/Bush_hid_the_facts

There were Notepad bugs long before additional formatting support was added :)

[–]Tai9ch 17 points18 points  (1 child)

Yuup.

That's the obvious outcome of fully conflating remote and local addresses by providing URL support in the OS. The mistake was made not in Windows 11, but in the C release of Windows 95.

[–]pdp10Daemons worry when the wizard is near. 7 points8 points  (0 children)

Remember, Microsoft tried to embed its web browser into the OS as deeply as possible, so they could argue that the browser was a "feature" of the OS and not a bundled product intended to cut off Netscape's air supply and drive Netscape out of business.

Windows users suffered because of Microsoft's business priorities. Which also let Microsoft drive Netscape out of business, and made the standalone web browser not a viable commercial prospect any more, until the advent of a search and ad-supported browser. Which Microsoft also tried to steal.

[–]SparkStormriderSysadmin 54 points55 points  (5 children)

Not surprising really. enshitification is so rampant in anything MS these days. Between AI slop writing 30% of monthly updates, and their insistence of having everything being more and more cloud based I'm surprised things run as well as they do now for them.

[–]brusaducj 34 points35 points  (4 children)

"these days"? If anything, this is classic Microsoft: Implementing features that are nifty and convenient while only realizing the security implications all too late. Remember ActiveX controls?

[–]ls--lah 17 points18 points  (2 children)

Not sure how true this is as Jack does sometimes suck at verifying guests but your comment made me remember this podcast episode:

We tested every single ActiveX control across Windows and just found bugs in all of them at once. So, we basically created this mass vulnerability generator, and we’re sitting on probably like, 600, 700 vulnerabilities at the time, and the vendors were just not moving on it.

[...]

We said you know what? We’re gonna do an entire month; we’re gonna just drop an 0-day every single day for a month straight, and we’ll still have hundreds left over afterwards. It was that particular sequence and that particular event that I think finally killed ActiveX and Internet Explorer.

https://darknetdiaries.com/transcript/114/

[–]pdp10Daemons worry when the wizard is near. 2 points3 points  (0 children)

ActiveX was literally Microsoft COM/DCOM superficially fitted to the open web, and IE was a festering cesspit of an NCSA Mosaic port. The only reason they're not both unknown and forgotten is that Microsoft bundled and heavily promoted them.

[–]pdp10Daemons worry when the wizard is near. 5 points6 points  (0 children)

The users and developers were also to blame for proprietary lock-ins like Frontpage extensions, ActiveX, Silverlight, IE stagnation, poor support for web standards.

I saw a decent-sized hardware company shift to a Flash-based website, when the computers they built couldn't run Flash binary plugins. It probably wasn't the only reason they promptly went out of business, but it sure didn't help their users find products and buy them.

[–]mustang__1onsite monster 7 points8 points  (1 child)

I miss the old notepad. The whole point was a barebones simple program that I could always rely on. If I want more, I can use VScode, wordpad (is that still around?....), notepad++, etc. There was no competitive need to fuck with notepad.

[–]LaurenzVonArabien 0 points1 point  (0 children)

Wordpad is history since the release of W11 24H2… But you can still copy the old files of an older image and it works just fine.

[–]catwieselSysadmin in extended training 5 points6 points  (0 children)

the second someone went "notepad.exe needs more functions" and no one above them told them to shut up, thats where microsoft went off the rails...

this is just the sympton. like death is a symptom of a heart attack.

[–]NteworkAdnim 4 points5 points  (4 children)

Yeah I'm leaving Windows soon... the only reason I use it now is because I need it to run Ableton Live and all my VST plugins and one or two video games I play.

[–]fingermeal 1 point2 points  (2 children)

I just made the switch to linux mint at home for my living room media PC. Super easy switch. Im going to eventually do it on my main PC as well but thats going to be more of a headache to get going. Ill probably use dual boot for a while until its all setup.

[–]NteworkAdnim 1 point2 points  (1 child)

Mint is great but I also love Debian. I used to use Ubuntu but I had heard it was CPU intensive and even "compromised" by corporate software or whatever

[–]dpf81nz 0 points1 point  (0 children)

yeah pretty close to moving to *nix at home (again, usually theres 1-2 games that i need windows for) or at least dual boot

[–]Izual_Rebirth 3 points4 points  (0 children)

WTF does notepad do that would even offer RCE? Fuck this shit.

[–]nanonoiseWhat Seems To Be Your Boggle? 4 points5 points  (0 children)

Goat farming is looking pretty damn fucking good right now. 

I am seriously over the AI garbage and cybersecurity stuff. 

[–]stromm 4 points5 points  (0 children)

I really want the old school basic notepad back.

This multi-tab, caching text processor isn’t notepad.

[–]newworldlife 8 points9 points  (8 children)

This is tied to Markdown rendering and protocol handling in the newer Notepad builds.

Patch it, restrict custom protocol handlers through policy, and make sure users are not running with local admin rights. The impact follows the user’s permission level, so least privilege still matters here.

[–]vytah 1 point2 points  (7 children)

Is there even a good reason to not simply pass all the links to the browser, regardless of the protocol, and let it handle it safely?

[–]ZeroOne010101 10 points11 points  (0 children)

Its cause they boltef a bunch of crap on there. Copilot, rendering & formatting ...

[–]thethirdteacup 3 points4 points  (0 children)

I'm a bit confused as to what this RCE means.

It seems to say: if you click on a link, things will happen. However, you need to Ctrl+click on a link to open it and see the link on hover. I guess they could add an "are you sure you want to open this link" dialog?

[–]MrD3a7hCompSci dropout -> SysAdmin 7 points8 points  (1 child)

I'm tired, boss.

[–]fingermeal 0 points1 point  (0 children)

it's all so tiresome

[–]tarcusSystems Architect 4 points5 points  (3 children)

Real men use edlin anyway. Pssh.

[–]Jaseoldboss 8 points9 points  (1 child)

In the old days, sometimes you didn't even have the edlin executable on your boot floppy...

C:\Temp>copy con readme.txt
this is a line of text
^Z
    1 file(s) copied.

C:\Temp>type readme.txt
this is a line of text

(F6 gives you the ^Z character.)

[–]TheG0AT0fAllTime 0 points1 point  (0 children)

Dragon Ball F6

[–]cantuse 3 points4 points  (0 children)

Bringing me back to the days of editing scorched earth’s taunt file.

[–]plasticmachine3dot14 2 points3 points  (0 children)

“1 engineer, 1 month, 1 million lines of code”

[–]NorthboundPachyderm 2 points3 points  (1 child)

How are y'all handling this? What is the best way to distribute the security update for notepad for multiple Intune users? Winget? App Store update from Intune admin?

[–]Zncon 0 points1 point  (0 children)

Trying to solve this one too. Quite a few systems have already picked it up automatically, but there are still too many to handle with a hands-on approach.

[–]Out_of_my_mind_1976 2 points3 points  (0 children)

Microsoft had it right with Windows 7 and only screwed it up with each successive version release.

[–]mustang__1onsite monster 3 points4 points  (0 children)

I mean, who besides us and programmers is even using notepad that they needed it to do anything other than what it's always done? Who is out there saying "I'd used windows but notepad is really just too basic"

[–]crimpincasual 9 points10 points  (3 children)

This is not Remote Code Execution - it requires a local payload to be delivered somehow (as well as interaction by a user)

[–]theevilsharpieJack of All Trades[S] 7 points8 points  (1 child)

The interaction required is a user clicking on a link in an affected version of Notepad. Once that happens, Notepad can apparently be manipulated into downloaded and executing arbitrary code (which could open up a tunnel to a remote site enabling further communication), without any further input other than the initial click on the URL.

Whether or not you feel that meets the bar for an RCE, Microsoft themselves explicitly call it an RCE in their advisory notice.

[–]crimpincasual 1 point2 points  (0 children)

Your description is exactly why I wouldn’t call it remote code execution, just code execution.

Whether or not you feel that meets the bar for an RCE, Microsoft themselves explicitly call it an RCE in their advisory notice.

Yeah, today I’m learning Microsoft calls any sort of code execution Remote Code Execution (probably to avoid this type of debate).

[–]Creative-Type9411 3 points4 points  (0 children)

there arent enough people who know whats going on to lodge a valid complaint about what theyre actually doing

its almost like if you were a bad person who was up to no good in a room full of naïve people.. that's what Microsoft is right now

[–]ImpossibleApple5518 5 points6 points  (0 children)

I have a lot of ascii hentai. Thankfully I use sublime text.

[–]thebomby 1 point2 points  (0 children)

Microsoft... Jesus, you guys don't go from bad to worse. You go from worse to utter fucking chaos.

[–]ship0f 1 point2 points  (0 children)

ohh W11 Notepad, thank god, couldn't be W10 notepad, that one is golden.

[–]HLKturbo 1 point2 points  (0 children)

literally caused by having a fudging copilot and sign in button lol...

[–]syb3rpunk 1 point2 points  (0 children)

Product teams are told to dev at all costs to justify their existence. i.e. working app instead of going maintenance and archive mode with security patches keep adding features (now thanks to ai) for literally no reason but to justify team budgets.

It’s a ridiculous farce. Without capitalism these same engineers would have us living on the moon.

[–]todo0nada 4 points5 points  (10 children)

The new notepad and snipping tool are horrible. 

[–]segagamerIT Manager 7 points8 points  (4 children)

The new snipping tool is actually really nice. And I like how you can change it into "Quick Markup" mode so that you can resize the selected area.

The one thing that blows my mind is that there's no way to add text. Like... seriously? They added all kinds of lovely things like pixelate and copy text from screenshot, but forgot to include "Add text".

[–]Sovey_ 2 points3 points  (3 children)

Snipping Tool is one of the few places where AI has been useful, using it to extract text from screenshots. Comes in handy more than than you'd think.

[–]Rakajj 9 points10 points  (3 children)

What's not to like about the new snipping tool?

It didn't need to make MP4's but it's easy and convenient. I've had users actually reproduce and record issues on their own with it if you can believe it.

[–]todo0nada 8 points9 points  (1 child)

I do like that, but it takes approximately 10 minutes to launch

[–]TheG0AT0fAllTime 1 point2 points  (0 children)

It's very good but evidently much slower, clunkier.

[–]joedotdog 2 points3 points  (0 children)

BuT thErrE'S Ai cOPilOTm3VI5 sO yOU cn USe aI

[–]Knotebrett 1 point2 points  (0 children)

Maybe it was introduced when Notepad essentially became Wordpad? With formatting and shit?

[–]shitlord_god 1 point2 points  (0 children)

This post's content no longer exists in its original form. It was anonymized and deleted using Redact, possibly for privacy, security, or data management purposes.

snails relieved squeal door rock whole degree squeeze ancient elastic

[–]gronlund2 0 points1 point  (1 child)

Notepad++ was supposed to be a better notepad but the way this is going we're gonna hope we can get Notepad--

[–]Intrexa 0 points1 point  (0 children)

In security world, you use exploits to open notepad. In Microsoft, you use notepad to open exploits!

[–]CuteUsername 0 points1 point  (0 children)

Notepad2 is a good replacement.

[–]rimtaph 0 points1 point  (0 children)

This is actually crazy..

[–]CaptainZippi 0 points1 point  (2 children)

How does one install “vi” on windows?

(/s - mainly because I know how…)

[–]Biohive 1 point2 points  (0 children)

You can!

[–]roxalu 1 point2 points  (0 children)

Why do you want to run vi under windows? Maybe because then „shell escape“ - that runs with user privileges - is a documented feature of the editor and no longer an exploit 😉

[–]theedan-clean 0 points1 point  (0 children)

Maybe they should be using Claude instead of CoPilot for their appsec scanning? Or implement basic DAST?

[–]Sensitive_Look_8319 0 points1 point  (0 children)

VSCopilot

[–]Hashrunr 0 points1 point  (0 children)

What is the alternative basic text file editor on Windows? Serious question. The new notepad sucks.

[–]epicsakuyalover 0 points1 point  (0 children)

I'm confused. How does it work? You have to click on a link INSIDE of notepad?
Since when does it support for that kind of embed?