alt Hacker News>At some point, they need to stop asking "can we add this feature?" and start asking "does this text editor need a network-aware rendering stack?"
But so far as I can tell the bug isn't related to "network-aware rendering stack" or AI (as other people are blindly speculating)?
From MSRC:
>How could an attacker exploit this vulnerability?
>An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files.
Sounds like a bug where you could put an url like \\evil.example\virus.exe into a link, and if a user clicks it executes virus.exe
That's why we have text editors, markdown viewers, image viewers, etc.
You were never able to "click a link" in Notepad in the past.
Mixing responsibilities brings with it lots of baggage, security vulnerabilities being one of them.