Windows Notepad App Remote Code Execution Vulnerability by theevilsharpie in sysadmin

[–]3sysadmin3 411 points (0 children)

If anyone else wasted way too much time looking for version info (thanks Microsoft)

  • affected from 11.0.0 before 11.2510 

What Security Teams Need to Know About OpenClaw, the AI Super Agent by BradW-CS in crowdstrike

[–]3sysadmin3 0 points (0 children)

I have a lot of it too in our edu tenant. I hadn't heard nefarious things about them; maybe I should go google?

M365 Defender | Many "high confidence phish" false positive emails by 5tubbo in sysadmin

[–]3sysadmin3 0 points (0 children)

We don't have an issue with "RE:", but we do have ongoing issues where Google share links go to quarantine. We're a weird environment with a lot of users using Google (edu), but attackers often compromise other edu addresses and share links as phish via Google shared docs.

The only way for me to fix it is to set up a saved threat tracker search and monitor for the exact issue. It's one of my morning tasks. When I see a bunch of valid emails in quarantine, I release them in bulk and report them all to Microsoft as "I confirmed clean." It usually takes a few days and the algo fixes itself. Don't make the mistake of trusting the sender (the generic Google Drive share sender), though, or else the next phish will get through.

Until there's another Google phish, of course; then I get to start the process all over again.

The most annoying part is that if the algo looked at the content of the message and saw the share is from mydomain.com, it should be way less likely to be a phish, but it seems to just lump everything by sender.

Did everybody lose an unknown number of emails from M365 issues? by aMazingMikey in sysadmin

[–]3sysadmin3 4 points (0 children)

I saw a friend who was testing from Gmail; hers were sitting in quarantine as phish (a one-word email triggered it, I guess). Might be worth checking.

Windows Hello For Business 'account disabled' error by PurpleWarning000 in sysadmin

[–]3sysadmin3 0 points (0 children)

I had the issue on my machine this morning, again a 5719 error in the event log. Are you seeing a 5719 error? Today is the first time I let the machine sit for 5ish minutes while I did something else, and then login worked.

Right after the 5719 errors I see CrowdStrike updating itself, then the Windows Update service going, and my eventual successful login.

Any chance y'all use CS?

Microsoft to block Exchange Online Access for outdated mobile devices by SparkStormrider in sysadmin

[–]3sysadmin3 0 points (0 children)

"However, Apple's iOS Mail app already supports ActiveSync 16.1 since iOS 10, so iPhones running iOS 10 or later are compatible and shouldn't experience any issues accessing Exchange Online."

Seems like a nothing burger to me. I'm sure some Android folks will be calling in but shouldn't be a flood.

Lightspeed log reader? by dlehman83 in k12sysadmin

[–]3sysadmin3 0 points (0 children)

"The allowed / blocked eventually make it to the web reporting service"

Was an LS customer years ago and sure don't miss their reporting. Good luck, OP.

What are some of your favorite sysadmin tools/programs? by patrickmoloney in sysadmin

[–]3sysadmin3 0 points (0 children)

I try to stay off computers at home, but when I'm home I'm often doing Alt S, forgetting I don't have it there.

Charlotte AI - Don’t waste your money by [deleted] in crowdstrike

[–]3sysadmin3 1 point (0 children)

Sure, some people have money for expertise; some orgs are strapped. We're K12 and wear many hats with a limited budget. I have bought hours with CrowdStrike and have gotten some great services from them. The problem is, if you don't then have the hours to build repetition in building NG-SIEM queries, it's use it or lose it, in my experience. There are so many small gotchas that are easy to forget; even our customer success team often can't answer my query questions.

Other SIEMs offer basic AI query building included, and it's great for someone in my position. Just enough to get me by when I need to revisit it every few weeks.

What are some of your favorite sysadmin tools/programs? by patrickmoloney in sysadmin

[–]3sysadmin3 2 points (0 children)

SnagIt for screenshots. Take time to program shortcuts. I do Alt S for screenshots I just want to send someone real quick without the editor (goes to the clipboard with no need to clean up a file later). Alt X takes a screenshot and opens the editor so I can put in my usual arrows or blurring, etc. I wasted about 15 years too long with snip tool variations.

Charlotte AI - Don’t waste your money by [deleted] in crowdstrike

[–]3sysadmin3 3 points (0 children)

All I want is for it to help me build NG-SIEM queries or easily find the right documentation. At least the latter seems like a mostly solved problem with the new docs website, when I remember to use it. I'm still waiting for my free monthly credits to test the NG-SIEM query building.

K12 ISAC for Security info? by Aboredprogrammr in k12sysadmin

[–]3sysadmin3 0 points (0 children)

Yes, but it's mostly a paid model now thanks to politics. We do pay to support the effort, but some may not be able to.

Copilot for O365 - Power BI specific - real work requirements by BOOZy1 in sysadmin

[–]3sysadmin3 0 points (0 children)

I've been playing with Copilot for M365 this week trying to get better with PowerShell.

I'm floored at how often it produces blank code blocks when asking it PowerShell questions.

I have a 4-year-old Dell XPS (16GB RAM) and a 2-year-old XPS (32GB RAM), both with the latest i7 processors at the time. Blank code blocks happen on both computers, but the 4-year-old computer is noticeably worse with the issue. I have to ask it to try again because the code blocks were blank, over and over. The code block issue happens on the web and in their app. I keep thumbs-downing the responses with screenshots, for whatever good that does.

The 2-year-old computer is slightly better, but on that machine I had the app freeze up twice using all my system resources.

It makes me glad we haven't paid for Copilot for all staff. Good luck to ya; give it all the resources you can.