Or it's more that people recognize that this isn't a "Zero-Click RCE" and we're tired of people trying to claim that every damn bug is a huge security risk.
If an attacker can already either modify the existing shortcuts.xml file or convince me to download and run a .lnk file that links to a different one they managed to get onto my computer, then they don't need to use Notepad++ to do their dirty work.
Notepad++ can be an entry point into the system; the privileges are the same as the user under which the software runs.