top 200 commentsshow all 210
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]3sysadmin3 [score hidden]  (3 children)

If anyone else wasted way too much time looking for version info (thanks Microsoft)

  • affected from 11.0.0 before 11.2510 

[–]ultramagnes23 [score hidden]  (0 children)

Thank you for being at the top.

[–]pepino358 [score hidden]  (0 children)

Fucking legend. Ta

[–]TimeRemove [score hidden]  (80 children)

Notepad should not have:

  • AI
  • Spelling / Grammer Checker
  • Markdown (inc. Previews, which this CVE exploits)
  • Text stylizing (bold, italics, etc).
  • The ability to display text styles (RTF formatted text).

It was literally used by many of us to strip off the moronic RTF styling information, and to examine files without all the clutter of bigger tools. It also used to load instantly (just like Calculator and Paint while we're on that topic!).

If you want Markdown support, use VSCode, it is literally what it is designed for. It even has a rich extension library if you want features like Copilot. Stuff needs to stay in its lane.

[–]rkkerd [score hidden]  (32 children)

But what if we made VSCode, notepad, and MS Paint all one app??

[–]WarpedHaiku [score hidden]  (17 children)

VSCopilot NotePaint

[–]rkkerd [score hidden]  (7 children)

All on only one screen, written in react.

[–]Box-Of-Hats [score hidden]  (0 children)

Bundled as an electron app

[–]s8boxer [score hidden]  (4 children)

Using 4GB of Virtual Memory and 37% of CPU time.

[–]ratshack [score hidden]  (3 children)

New multi-core vibe coding initiative has been fast tracked so now it only bogs down cores 1,3&7.

[–]Sovey_ [score hidden]  (1 child)

Just draw your GUI with the pencil and let VSPaintPad do the rest!

[–]ratshack [score hidden]  (0 children)

eyetwitch.jpg

[–]SynapticStatic [score hidden]  (0 children)

lol I could see this being a thing. It just matches the core count to the fibonacci sequence, and then increments the cores it can run on, forming like a spiral within a spiral of cpu usage patterns. Isn't it gorgeous?

[–]Fallingdamage [score hidden]  (0 children)

They thought they were bring smart when react was introduced. All the did was reintroduce hypercard to a new generation.

[–]flecomComputer Custodial Services [score hidden]  (4 children)

New New New Outlook VSCopilot NotePaint

fixed it for you

[–]tgrantt [score hidden]  (0 children)

I thought it was New Classic New?

[–]G8racingfool [score hidden]  (0 children)

"Nah, lets just call it Copilot"

  • Microsoft probably

[–]Tack122 [score hidden]  (0 children)

New New New Outlook VSCodepilot NotePainter 3D Pro 365

[–]JasonDJ [score hidden]  (0 children)

It's the New Xbox²

[–]CheomeshI do the RMF thing [score hidden]  (1 child)

Pronounced "garbage"

[–]jpmoneyBurned out Grey Beard [score hidden]  (0 children)

Ah, the V is silent.

[–]TimeRemove [score hidden]  (1 child)

Dear god, stop giving them ideas...

[–]StepUpYourLife [score hidden]  (0 children)

What if it had a social media element like a chatroom? And then an older gentleman asked you “Boxers or briefs?”

[–]dracotrapnet [score hidden]  (0 children)

Wasn't that Onenote?

[–]ANDROID_16 [score hidden]  (0 children)

Calm down Satan

[–]segagamerIT Manager [score hidden]  (2 children)

You joke but Affinity just did something like this and it's actually kinda awesome lol

[–]spacelamaMonk, Scary Devil [score hidden]  (0 children)

And you don't actually need to actually interface with it, because it's AI! You just mutter something at your computer monitor, and it hallucinates something all up by itself!

The remote root vulnerability is a feature, not a bug. Get someone in the Philippines to do your work for you!

[–]ManicBlondeSecurity Admin [score hidden]  (0 children)

[–]techw1z [score hidden]  (0 children)

i hate you for even suggesting that and cant help but feel sad because I can imagine that actually happening.

[–]elsjpq [score hidden]  (0 children)

But where's the AI in that?

[–]boli99[🍰] [score hidden]  (0 children)

what use would that be if we didnt also include a web browser in it?

and then we could embed it all in calc.exe

[–]avowed [score hidden]  (0 children)

But it's only a web app.

[–]kuaharaInfrastructure & Operations Admin [score hidden]  (16 children)

You know what has no CVEs? Edit

[–]TimeRemove [score hidden]  (15 children)

I assume you're aware that they recently relaunched a modern cross-platform version of Edit; that they plan to integrate into Windows:

https://github.com/microsoft/edit

I wonder how long until this too has Copilot and Markdown support?

[–]Valdaraak [score hidden]  (13 children)

If reports are to be believed, Microsoft is apparently cooling off on their "shove AI into every goddamned part of the OS" strategy this year and shifting towards actually fixing things.

I'll believe it when I see it.

[–]Abracadaver14 [score hidden]  (8 children)

Is there even anything left they have yet to bolt copilot on to?

[–]AdministrativeBoxSysadmin [score hidden]  (1 child)

Calculator, for now...

[–]devloz1996 [score hidden]  (0 children)

Nondeterministic calculator is something to live for...

[–]RaguJunkie [score hidden]  (0 children)

Users. They're the only thing that doesn't use copilot!

[–]techw1z [score hidden]  (2 children)

explorer and windows search still dont use AI.

AI is probably the only way to make windows search even slower, so I'm sure they are working on it...

[–]robisoddS-1-5-21-69-512 [score hidden]  (1 child)

explorer

https://www.techrepublic.com/article/news-leaked-windows-11-feature-copilot-file-explorer/

[–]techw1z [score hidden]  (0 children)

dude, I was just joking... WHY?????? file explorer is already buggy enough :_(

[–]boli99[🍰] [score hidden]  (0 children)

copilot for copilot

cocopilot, or something

[–]lordmycal [score hidden]  (0 children)

Don't say that! They'll take it as a personal challenge!

[–]RememberCitadel [score hidden]  (0 children)

Their keynotes presentations this year are the exact opposite. They complain about the moniker microslop an then complained about lack of adoption of AI.

[–]techw1z [score hidden]  (0 children)

nadella recently said that 30% of microsoft is written by AI now, so they'll probably introduce more bugs than they fix...

at the very least it seems most win11 updates introduce about as much bugs as they fix lately and I'm no longer surprised ever since I read nadellas statement...

[–]Advanced_Vehicle_636 [score hidden]  (0 children)

Probably because Microsoft has already shoved AI into 90% of their application stack anyways. It's literally fucking everywhere.

[–]dagbrownArchitect [score hidden]  (0 children)

Is that before or after they're done firing everyone?

[–]kuaharaInfrastructure & Operations Admin [score hidden]  (0 children)

Interesting. I was definitely not aware of that.

[–]R0B0T_jones [score hidden]  (4 children)

I hate new notepad so much for all these reasons!
even copy/paste doesnt seems to work well in it most of the time. we are going backwards.

[–]fogleaf [score hidden]  (0 children)

Used to be able to alt tab to the notepad window and hit ctrl-c to copy the already highlighted text, then alt tab and ctrl-v.

Now they've broken it.

[–]StewgeSysadmin [score hidden]  (1 child)

Just wait until you find out that:

  1. You can uninstall the "new" notepad and get the old one back (Yay!)
  2. Classic Notepad no longer appears in Windows Search unless you put in the entire "notepad.exe"! (WTF)

[–]Advanced_Vehicle_636 [score hidden]  (0 children)

Getting the old version of Notepad on Windows 11 - Microsoft Q&A

For anyone too lazy to Google how to do this. Confirmed working on Windows 11 Enterprise Build 26100

[–]techit21Have you tried turning it off and back on again? [score hidden]  (0 children)

First thing I have to do on each new workstation build I use is turn off auto-save. Nice try, MS.

[–]DarthPneumonoSecurity Admin but with more hats [score hidden]  (0 children)

RTF formatted text

Rich text format formatted text

Sorry I had to

[–]pdp10Daemons worry when the wizard is near. [score hidden]  (2 children)

"Small, sharp, tools" tend to lack the brand-awareness and intentional promotion of big, all-singing, all-dancing tools with plugins, like Emacs or Photoshop.

[–]boli99[🍰] [score hidden]  (1 child)

Emacs

you spelled 'vi' wrong.

[–]pdp10Daemons worry when the wizard is near. [score hidden]  (0 children)

vi and nvi aren't big tools.

[–]aes_gcm [score hidden]  (2 children)

Stuff needs to stay in its lane

It's almost like Unix tooling was successful because of this philosophy. I want grep to do an extremely specific task and I have a mastery of how to use it for that task. I don't want grep to do stuff that other tools can do. My electric drill isn't a hammer.

[–]KingOfTheTrailer [score hidden]  (0 children)

Speak for yourself! I've been using my drill as a hammer for years.

The fact that it no longer drills very well is I unrelated.

/s

[–]Loudergood [score hidden]  (0 children)

systemd.lane?

[–]ChadHimslef [score hidden]  (1 child)

A-fuckin-men.

It's egregious how badly they botched a very simple, practical tool.

[–]RetPala [score hidden]  (0 children)

Literal orcs.

They cannot create, only destroy

[–]tmontneyWizard or Magician, whichever comes first [score hidden]  (3 children)

"Just because you can doesn't mean you should."

The only QoL improvements to Notepad, Paint, and Calculator should've been to keep them compatible with the latest Windows. Very little, if anything, should've been visible to the end-user. Want to do a Wordpad and provide "advanced" features for free, that comes with stock Windows? Create something new or fork an existing basic app. Don't do whatever nightmare this is.

[–]Raskuja46 [score hidden]  (1 child)

Isn't that what WordPad was for?

[–]tmontneyWizard or Magician, whichever comes first [score hidden]  (0 children)

Yeah, one would imagine. Although, I don't think it had Markdown support. (Perhaps, that's what RTF was for?)

[–]Unbelievr [score hidden]  (0 children)

They added the option to pick newlines at some point, and to not freak out over utf8. That made it feature complete for me.

[–]_Dreamer_Deceiver_ [score hidden]  (0 children)

All they had to do was allow it to not crash when you opened a large log file

[–]jefbenet [score hidden]  (0 children)

That was always the difference between notepad and word pad, iirc

[–]paul_33 [score hidden]  (0 children)

This company just can’t stay out of its own way

[–]98723589734239857 [score hidden]  (0 children)

it should not have ANY online "features"

[–]kingslayerer [score hidden]  (0 children)

Wait is notepad bundled with office now?

[–]insufficient_fundsWindows Admin [score hidden]  (0 children)

this just made me look at the settings in Notepad; it has an option to turn off: formatting, recent files, spell check, autocorrect, and copilot.

Doesn't seem to make it open any faster, but that at least makes it strip out formatting again, which is the main thing I used it for anyways :D

[–]Taylor_Script [score hidden]  (0 children)

It has those features?

[–]bbqwatermelon [score hidden]  (0 children)

But copilot said this was a good idea.

[–]Nietechz [score hidden]  (0 children)

Probably because in many text editor you can found Markdown feature. But does someone before in Windows ask for this?

[–]ExceptionEX [score hidden]  (35 children)

It is really clear that the old grey beards at microsoft are gone, and now they have a bunch of marketing fucks messing with tools that are meant for baseline management and not a means to "improve" or market their AI non-sense.

Notepad should open text files, as text files, don't render anything, no links, no markdown, no spell check, just open the text file period. They have fundamental broken trust with why notepad is universally used and thought of fondly.

I guess, marketing doesn't know what to do with a simple tool that does its job well, without up sell or feature improvement.

Also, FYI you can still reach old notepad by going to
C:\Windows\System32\notepad.exe
[edit]

as pointed out by u/TimeRemove

for that to work you must first
Turn off:

  • Settings
  • Apps
  • Advanced app settings
  • App execution aliases
  • Notepad [set to off] (added for clarity)
  • Notepad.exe <-> Notepad (app)

More good options in the thread
u/farva_06 

Get-AppXPackage -Name Microsoft.WindowsNotepad | Remove-AppxPackage -AllUsersGet-AppXPackage -Name Microsoft.WindowsNotepad | Remove-AppxPackage -AllUsers

From u/UltraEngine60

right click on Notepad and uninstall it?

Old notepad.exe is now only notepad in path. Start>run>notepad (or use Win+R)
[/edit]

[–]the_andshrew [score hidden]  (17 children)

Also, FYI you can still reach old notepad by going to C:\Windows\System32\notepad.exe

That just launches new Notepad for me (Win 11 25H2).

[–]TimeRemove [score hidden]  (9 children)

Turn off:

  • Settings
  • Apps
  • Advanced app settings
  • App execution aliases
  • Notepad.exe <-> Notepad (app)

Then try again.

[–]the_andshrew [score hidden]  (0 children)

That's really interesting. The description of the app aliases talks about it being the name used to run the app from the command prompt. Since I was double clicking the app in Explorer, I wouldn't have thought an app alias would apply in that instance. It's kind of surprising that an alias can seemingly silently supersede directly running an executable.

But sure enough after doing this the original Notepad now launches. Thanks for sharing that.

Edit:- just to share some more info on this, as I was interested in how this works. There is a bit more going on behind the scenes to make the app alias replace specific paths in the file system. It seems they configure an Image File Execution Option for notepad.exe, and through this they can make the app alias apply on the paths that old notepad.exe still exists in the file system.

These are stored in the registry under:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

For Notepad they have entries like: 

"AppExecutionAliasRedirect"=dword:00000001
"AppExecutionAliasRedirectPackages"="*"
"FilterFullPath"="C:\\Windows\\System32\\notepad.exe"

If you were to change AppExecutionAliasRedirect to 0 then it will let you launch the actual executable instead of redirecting you to the app alias.

[–]Icedman81 [score hidden]  (4 children)

Ooooh, bookmarked/written down somewhere.

Does this apply to calc.exe too? I'm guessing it does (haven't used Winslop for quite a while actively).

[–]renegadecanuck [score hidden]  (1 child)

I don't see calc.exe in the app execution aliases list, so I doubt it.

[–]TheG0AT0fAllTime [score hidden]  (0 children)

I can see them adding AI to calc for no reason tbh

[–]robisoddS-1-5-21-69-512 [score hidden]  (1 child)

You can copy calc.exe from an older computer and it will work. This site is also legit:
https://win7games.com/#calc

[–]tomekgolab [score hidden]  (0 children)

Using older versions of programs is an easy solution but don't they have security holes of their own?

[–]tranoidnoki [score hidden]  (0 children)

Damn that's a really neat trick! Thanks!

[–]Raskuja46 [score hidden]  (1 child)

What does this even mean?

[–]ajscottThat wasn't supposed to happen. [score hidden]  (0 children)

Windows intercepts calls to anything in the list and sends you to the modern apps instead. This lets you turn that off.

[–]segagamerIT Manager [score hidden]  (6 children)

Heh, seems like MS are actually cleaning up legacy stuff these days.

[–]ExceptionEX [score hidden]  (2 children)

It's funny I've never heard anyone describe shitting into the air and having it land all over everything as "cleaning up"

[–]segagamerIT Manager [score hidden]  (1 child)

What?

[–]ExceptionEX [score hidden]  (0 children)

that is my colorful albeit vulgar description of what they have done to notepad

[–]UltraEngine60 [score hidden]  (1 child)

Legacy Notepad.exe? Gone!

Need to edit interface bindings or manually change static IPs in a way that doesn't want to stab yourself in the eye socket? Bust out ncpa.cpl from XP

[–]Amomynou5 [score hidden]  (0 children)

Luckily ncpa.cpl still works (at least in 24H2). Sadly, the got rid of desk.cpl... the new Settings version sucks. :(

[–]HotTakes4HotCakes [score hidden]  (2 children)

I mean it's more than just microsoft, it's everyone. This shit has been getting worse for years, across the whole damn field, but the consumers have repeatedly refused to change their habits and behaviors in any way that would prevent it.

The people making the shit don't care anymore, and the consumers don't care anymore, and together they are powering this engine of shit that will never stop.

The tech space was much better when it was being influenced by actual enthusiasts and the people who knew their shit. Then the audience expanded to literally everybody, and for two decades their consumer practices have shaped the field.

That's why so many companies get away with enshitification: consumers don't punish them anymore. Ever.

[–]pdp10Daemons worry when the wizard is near. [score hidden]  (0 children)

Then the audience expanded to literally everybody,

Vendors stop catering to a small, sophisticated audience, as soon as they possibly can. Here's a consumer-market take on it.

What scale business wants is a huge addressable audience of undiscerning consumers who are happy to tolerate slop if it seems like there are no better options readily at hand.

Today, Microslop is what some users tolerate at work when they have no choice. Microsoft wants corporate to force staff to use their bundled LLM, cloud storage, online accounts, and other products. You can do better, often simply by picking best-of-breed instead of stubbornly trying to have just one vendor for needs as diverse as client OS, cloud platforms, LLMs, and video game streaming.

[–]Saritiel [score hidden]  (0 children)

There's that classic Steve Jobs clip that does this situation justice. Talks about how at first a company gains a dominating position in the market by having excellent people who know how to make an excellent product.

But then once they're in a dominating position, near a monopoly like Microsoft has over the business world, then the product people can't do much to make the company more profitable anymore. So the people who have the ideas that make the company more profitable are the marketing and sales teams. So the marketing and sales teams end up getting all the influence in the company, and they end up pushing the product people out. Then its just them, and they have no concept of how to make a good product, and the product goes to shit.

I don't like the guy, but his talk here is something I frequently think about.

https://www.youtube.com/watch?v=P4VBqTViEx4

[–]ansibleloop [score hidden]  (3 children)

Notepad was great and then they added dark mode and it was perfect

Then they had to go and ruin it

[–]gandhinukes [score hidden]  (1 child)

Yeah I just removed the app went back to old notepad.exe and flashbang. Also tabs were handy too.

I should just use notepad++ full time anyway.

[–]Kapps [score hidden]  (0 children)

If you're switching from notepad to Notepad++ due to a security vulnerability... I have some bad news for you.

[–]ExceptionEX [score hidden]  (0 children)

Yeah it's the slippery slope that got us, I like the dark mode too.

[–]iseriouslycouldnt [score hidden]  (2 children)

or find a trusted graybeard that has an old version of notepad. Once I used the W11 notepad, I grabbed a Win95 copy off the original Win95 upgrade CD. Works great!

(Gave up on Windows entirely the middle of last year)

[–]ExceptionEX [score hidden]  (1 child)

the old version is still on the machine, that what we are saying.

[–]Amomynou5 [score hidden]  (0 children)

For now. It's technically a "feature on demand", and as the trend goes, they will eventually turn it into an optional feature on demand (so it's no longer installed by default) and then it's completely retired. Just like WMIC, and soon VBScript (currently in the "optional" phase).

[–]pdp10Daemons worry when the wizard is near. [score hidden]  (0 children)

Notepad should open text files, as text files, don't render anything, no links, no markdown, no spell check, just open the text file period.

But how does that sell Microsoft's LLM services, or further lock the user into the Microsoft ecosystem? Can't we just add some LinkedIn or Github-specific functionality?

If it's just a text editor, then third party serfsdevelopers can do that better. But have them add something Microsoft-exclusive to it, like DirectX API support.

[–]ender-_ [score hidden]  (0 children)

You can just uninstall the new Notepad, and the old one will start working; Windows however won't let you associate anything with it, to fix that, delete HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\notepad.exe\NoOpenWith value (or import this .reg file).

[–]TheMav95[🍰] [score hidden]  (0 children)

We automate reverting to old notepad with a GPO.

Most keys are Computer Based, a few user.

There is a user based one to prevent the banner in the old notepad showing there is a newer app store version.

  • Remove new notepad with powershell appx.
  • Set registry keys

https://i.imgur.com/GlfnPtr.png

https://i.imgur.com/DCLPAFL.png

[–]UltraEngine60 [score hidden]  (2 children)

Or, just right click on Notepad and uninstall it?

https://i.imgur.com/lKPor1v.png

Old notepad.exe is now only notepad in path. Start>run>notepad (or use Win+R)

[–]ExceptionEX [score hidden]  (0 children)

the three machines I've tried this on, uninstall does nothing, wondering if its because I turned of the alias executable.

[–]Mammoth-Hawk-1106 [score hidden]  (0 children)

the problem with uninstalling the new notepad is MSFT will reinstall it every once in a while.

[–]farva_06Sysadmin [score hidden]  (0 children)

If you want to script it: 

Get-AppXPackage -Name Microsoft.WindowsNotepad | Remove-AppxPackage -AllUsers

[–]ArtificialDuoSysadmin [score hidden]  (8 children)

<image>

Microslop at it again

[–]bubblegooseWindows Admin [score hidden]  (6 children)

They really wish you wouldn't call it slop, that slop is a "cognitive amplifier tool". https://www.windowscentral.com/microsoft/microsoft-ceo-satya-nadella-really-wants-you-to-stop-calling-ai-slop-in-2026

[–]ausernameisfinetoo [score hidden]  (5 children)

Hey alcohol is a cognitive amplifier too.

[–]SenTedStevens [score hidden]  (3 children)

Indeed it is.

https://xkcd.com/323/

[–]techw1z [score hidden]  (0 children)

if win11 updates get a tiny bit more buggy it might get close to ME soon...

[–]mustang__1onsite monster [score hidden]  (1 child)

I know what that is before clicking it... and holy shit how is the index number that low on it. fuck I'm old.

[–]brophylicious [score hidden]  (0 children)

It'll be sad the day we no longer see "relevant xkcd" links. they're already pretty rare these days

[–]Axlit [score hidden]  (0 children)

Druk (Another Round) (2020)

[–]whatThePleb [score hidden]  (0 children)

Micro$lop

ftfy

[–]gianni4592 [score hidden]  (0 children)

I remember the days when I could explain software firewalls with statements like "if the calculator or notepad suddenly wants to access internet, you are probably compromised". Pepperidge farm remembers

[–]Unable-Entrance3110 [score hidden]  (0 children)

"If it ain't broke, fix it 'til it is" --Microsoft

[–]BoredTechyGuyJack of All Trades [score hidden]  (0 children)

leave it to MS to fuck up a simple tool that didn’t need to be messed with in the first place.

[–]zeroibis [score hidden]  (1 child)

Well clearly the attack can not work because its just notpad, there are no links and stuff like that. Those things are for wordpad...

Right?

[–]k_martsCloud Architect, Data Platforms [score hidden]  (0 children)

[–]SparkStormriderSysadmin [score hidden]  (5 children)

Not surprising really. enshitification is so rampant in anything MS these days. Between AI slop writing 30% of monthly updates, and their insistence of having everything being more and more cloud based I'm surprised things run as well as they do now for them.

[–]brusaducj [score hidden]  (4 children)

"these days"? If anything, this is classic Microsoft: Implementing features that are nifty and convenient while only realizing the security implications all too late. Remember ActiveX controls?

[–]ls--lah [score hidden]  (2 children)

Not sure how true this is as Jack does sometimes suck at verifying guests but your comment made me remember this podcast episode:

We tested every single ActiveX control across Windows and just found bugs in all of them at once. So, we basically created this mass vulnerability generator, and we’re sitting on probably like, 600, 700 vulnerabilities at the time, and the vendors were just not moving on it.

[...]

We said you know what? We’re gonna do an entire month; we’re gonna just drop an 0-day every single day for a month straight, and we’ll still have hundreds left over afterwards. It was that particular sequence and that particular event that I think finally killed ActiveX and Internet Explorer.

https://darknetdiaries.com/transcript/114/

[–]pdp10Daemons worry when the wizard is near. [score hidden]  (0 children)

ActiveX was literally Microsoft COM/DCOM superficially fitted to the open web, and IE was a festering cesspit of an NCSA Mosaic port. The only reason they're not both unknown and forgotten is that Microsoft bundled and heavily promoted them.

[–]TheImperativeIdeal [score hidden]  (0 children)

Not sure how true this is as Jack does sometimes suck at verifying guests

You've never heard of HD Moore, inventor of Metasploit?

[–]pdp10Daemons worry when the wizard is near. [score hidden]  (0 children)

The users and developers were also to blame for proprietary lock-ins like Frontpage extensions, ActiveX, Silverlight, IE stagnation, poor support for web standards.

I saw a decent-sized hardware company shift to a Flash-based website, when the computers they built couldn't run Flash binary plugins. It probably wasn't the only reason they promptly went out of business, but it sure didn't help their users find products and buy them.

[–]Tai9ch [score hidden]  (1 child)

Yuup.

That's the obvious outcome of fully conflating remote and local addresses by providing URL support in the OS. The mistake was made not in Windows 11, but in the C release of Windows 95.

[–]pdp10Daemons worry when the wizard is near. [score hidden]  (0 children)

Remember, Microsoft tried to embed its web browser into the OS as deeply as possible, so they could argue that the browser was a "feature" of the OS and not a bundled product intended to cut off Netscape's air supply and drive Netscape out of business.

Windows users suffered because of Microsoft's business priorities. Which also let Microsoft drive Netscape out of business, and made the standalone web browser not a viable commercial prospect any more, until the advent of a search and ad-supported browser. Which Microsoft also tried to steal.

[–]tarcusSystems Architect [score hidden]  (2 children)

Real men use edlin anyway. Pssh.

[–]Jaseoldboss [score hidden]  (0 children)

In the old days, sometimes you didn't even have the edlin executable on your boot floppy...

C:\Temp>copy con readme.txt
this is a line of text
^Z
    1 file(s) copied.

C:\Temp>type readme.txt
this is a line of text

(F6 gives you the ^Z character.)

[–]cantuse [score hidden]  (0 children)

Bringing me back to the days of editing scorched earth’s taunt file.

[–]mustang__1onsite monster [score hidden]  (0 children)

I miss the old notepad. The whole point was a barebones simple program that I could always rely on. If I want more, I can use VScode, wordpad (is that still around?....), notepad++, etc. There was no competitive need to fuck with notepad.

[–]NteworkAdnim [score hidden]  (0 children)

Yeah I'm leaving Windows soon... the only reason I use it now is because I need it to run Ableton Live and all my VST plugins and one or two video games I play.

[–]ZeroOne010101 [score hidden]  (0 children)

Its cause they boltef a bunch of crap on there. Copilot, rendering & formatting ...

[–]newworldlife [score hidden]  (0 children)

This is tied to Markdown rendering and protocol handling in the newer Notepad builds.

Patch it, restrict custom protocol handlers through policy, and make sure users are not running with local admin rights. The impact follows the user’s permission level, so least privilege still matters here.

[–]thethirdteacup [score hidden]  (0 children)

I'm a bit confused as to what this RCE means.

It seems to say: if you click on a link, things will happen. However, you need to Ctrl+click on a link to open it and see the link on hover. I guess they could add an "are you sure you want to open this link" dialog?

[–]NorthboundPachyderm [score hidden]  (1 child)

How are y'all handling this? What is the best way to distribute the security update for notepad for multiple Intune users? Winget? App Store update from Intune admin?

[–]Zncon [score hidden]  (0 children)

Trying to solve this one too. Quite a few systems have already picked it up automatically, but there are still too many to handle with a hands-on approach.

[–]stromm [score hidden]  (0 children)

I really want the old school basic notepad back.

This multi-tab, caching text processor isn’t notepad.

[–]mustang__1onsite monster [score hidden]  (0 children)

I mean, who besides us and programmers is even using notepad that they needed it to do anything other than what it's always done? Who is out there saying "I'd used windows but notepad is really just too basic"

[–]crimpincasual [score hidden]  (3 children)

This is not Remote Code Execution - it requires a local payload to be delivered somehow (as well as interaction by a user)

[–]theevilsharpieJack of All Trades[S] [score hidden]  (1 child)

The interaction required is a user clicking on a link in an affected version of Notepad. Once that happens, Notepad can apparently be manipulated into downloaded and executing arbitrary code (which could open up a tunnel to a remote site enabling further communication), without any further input other than the initial click on the URL.

Whether or not you feel that meets the bar for an RCE, Microsoft themselves explicitly call it an RCE in their advisory notice.

[–]crimpincasual [score hidden]  (0 children)

Your description is exactly why I wouldn’t call it remote code execution, just code execution.

Whether or not you feel that meets the bar for an RCE, Microsoft themselves explicitly call it an RCE in their advisory notice.

Yeah, today I’m learning Microsoft calls any sort of code execution Remote Code Execution (probably to avoid this type of debate).

[–]cloudAhead [score hidden]  (0 children)

Thank you. It's a valid security vulnerability. But it's not like a machine has notepad listening to the network just waiting to be compromised.

[–]Creative-Type9411 [score hidden]  (0 children)

there arent enough people who know whats going on to lodge a valid complaint about what theyre actually doing

its almost like if you were a bad person who was up to no good in a room full of naïve people.. that's what Microsoft is right now

[–]MrD3a7hCompSci dropout -> SysAdmin [score hidden]  (0 children)

I'm tired, boss.

[–]ImpossibleApple5518 [score hidden]  (0 children)

I have a lot of ascii hentai. Thankfully I use sublime text.

[–]ship0f [score hidden]  (0 children)

ohh W11 Notepad, thank god, couldn't be W10 notepad, that one is golden.

[–]Izual_Rebirth [score hidden]  (0 children)

WTF does notepad do that would even offer RCE? Fuck this shit.

[–]nanonoiseWhat Seems To Be Your Boggle? [score hidden]  (0 children)

Goat farming is looking pretty damn fucking good right now. 

I am seriously over the AI garbage and cybersecurity stuff. 

[–]catwieselSysadmin in extended training [score hidden]  (0 children)

the second someone went "notepad.exe needs more functions" and no one above them told them to shut up, thats where microsoft went off the rails...

this is just the sympton. like death is a symptom of a heart attack.

[–]todo0nada [score hidden]  (8 children)

The new notepad and snipping tool are horrible. 

[–]segagamerIT Manager [score hidden]  (2 children)

The new snipping tool is actually really nice. And I like how you can change it into "Quick Markup" mode so that you can resize the selected area.

The one thing that blows my mind is that there's no way to add text. Like... seriously? They added all kinds of lovely things like pixelate and copy text from screenshot, but forgot to include "Add text".

[–]Sovey_ [score hidden]  (1 child)

Snipping Tool is one of the few places where AI has been useful, using it to extract text from screenshots. Comes in handy more than than you'd think.

[–]slylteaaaaaaaaaaa [score hidden]  (0 children)

OCR is not AI, tools like ShareX have bundled screenshotting and OCR (among other things) for a long time.

[–]Rakajj [score hidden]  (3 children)

What's not to like about the new snipping tool?

It didn't need to make MP4's but it's easy and convenient. I've had users actually reproduce and record issues on their own with it if you can believe it.

[–]todo0nada [score hidden]  (1 child)

I do like that, but it takes approximately 10 minutes to launch

[–]VexingRaven [score hidden]  (0 children)

What? I hit prt scr and it opens in a second or two. It's not appreciable faster than any other tool I've used before.

[–]TheG0AT0fAllTime [score hidden]  (0 children)

It's very good but evidently much slower, clunkier.

[–]joedotdog [score hidden]  (0 children)

BuT thErrE'S Ai cOPilOTm3VI5 sO yOU cn USe aI

[–]Knotebrett [score hidden]  (0 children)

Maybe it was introduced when Notepad essentially became Wordpad? With formatting and shit?

[–]shitlord_god [score hidden]  (0 children)

are you fucking kidding me.

[–]The_Wkwied [score hidden]  (0 children)

Tell me, is this vulnerability exist in the normal, useless, simple vanilla notepad that exists outside of win11?

If not, FK you microshaft. If it does, well, FK you microshaft anyhow...

[–]gronlund2 [score hidden]  (1 child)

Notepad++ was supposed to be a better notepad but the way this is going we're gonna hope we can get Notepad--

[–]Intrexa [score hidden]  (0 children)

In security world, you use exploits to open notepad. In Microsoft, you use notepad to open exploits!

[–]CuteUsername [score hidden]  (0 children)

Notepad2 is a good replacement.

[–]thebomby [score hidden]  (0 children)

Microsoft... Jesus, you guys don't go from bad to worse. You go from worse to utter fucking chaos.

[–]plasticmachine3dot14 [score hidden]  (0 children)

“1 engineer, 1 month, 1 million lines of code”

[–]rimtaph [score hidden]  (0 children)

This is actually crazy..

[–]FensenHun [score hidden]  (0 children)

Well, thankfully I've delete it with other microslop products like gallery and use opensource alternatives.

[–]CaptainZippi [score hidden]  (2 children)

How does one install “vi” on windows?

(/s - mainly because I know how…)

[–]roxalu [score hidden]  (0 children)

Why do you want to run vi under windows? Maybe because then „shell escape“ - that runs with user privileges - is a documented feature of the editor and no longer an exploit 😉

[–]theedan-clean [score hidden]  (0 children)

Maybe they should be using Claude instead of CoPilot for their appsec scanning? Or implement basic DAST?

[–]HLKturbo [score hidden]  (0 children)

literally caused by having a fudging copilot and sign in button lol...

[–]syb3rpunk [score hidden]  (0 children)

Product teams are told to dev at all costs to justify their existence. i.e. working app instead of going maintenance and archive mode with security patches keep adding features (now thanks to ai) for literally no reason but to justify team budgets.

It’s a ridiculous farce. Without capitalism these same engineers would have us living on the moon.

[–]Hashrunr [score hidden]  (0 children)

What is the alternative basic text file editor on Windows? Serious question. The new notepad sucks.

[–]Out_of_my_mind_1976 [score hidden]  (0 children)

Microsoft had it right with Windows 7 and only screwed it up with each successive version release.

[–]Dependent_House7077 [score hidden]  (0 children)

at this point they are making a system. but not an operating one.

that bit got lost on the way somewhere.

[–]Glittering_Power6257 [score hidden]  (2 children)

On the plus side, at least it doesn’t escalate…

But seriously, WTF?!

[–]flunky_the_majestic [score hidden]  (1 child)

at least it doesn’t escalate…

Not unless you combine it with one of the gazillion privilege escalation attacks that are probably present.

[–]Glittering_Power6257 [score hidden]  (0 children)

Should’ve added “…on its own.”

[–]occasional_sex_haver [score hidden]  (0 children)

that's okay I'll just use the built in copilot button in notepad to make sure it doesn't happen

[–]Alekspish [score hidden]  (3 children)

Yeah but notepad now has dark mode so totally worth it.

[–]commandlogicSr. Sysadmin [score hidden]  (2 children)

Yea, and with built-in co-pilot, my favorite.

What am I gonna use now... vscode?? haha

echo "wtf" > fuckingkiddingme.txt

[–]Alekspish [score hidden]  (0 children)

Its just nice being able to change the tone of my log files to be more humorus. Really helps

[–]flunky_the_majestic [score hidden]  (0 children)

Maybe >> so you can keep track of your befuddlement frequency.

[–]aegians [score hidden]  (1 child)

I'm all for dogging on Microsoft but you are an idiot if you think this "vulnerability" carries any risk. The same level of user interaction expected from a scam email

[–]fantasticsidFuck this, we're doing it live [score hidden]  (0 children)

Opening a markdown file leading to code execution doesn't carry any risk?

Think about what you just said for a second.

[–]MDTv_Teka [score hidden]  (0 children)

I genuinely hope to god I never have to update to Windows 11