> An attacker could trick a user into clicking a malicious link inside a Markdown file opened in ...

netsharc • today at 8:34 AM • 1 reply • view on HN

> An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files.

From https://msrc.microsoft.com/update-guide/vulnerability/CVE-20... (there are many collapsible elements on this page, and they're also just for term definitions, sigh)

What a fucking terrible page for someone unfamiliar with the site. the "Learn More" links will allow you to learn what the terms "CWE", "CVSS", "Product Status" mean, but not to learn more about this vulnerability...

Anyway, it's not related to CoPilot, but because Notepad makes links clickable now...

Replies

fhd2 • today at 10:13 AM

> Anyway, it's not related to CoPilot, but because Notepad makes links clickable now...

True, not related to CoPilot, but if I understand your conclusion right (which I'm not sure about), it's not _just_ that links are clickable now, it's because Notepad actually does something with the links. Otherwise it'd be a browser vulnerability, and Notepad couldn't seriously be blamed.

➕ show 1 reply

alt Hacker News

Replies