A zero-day vulnerability has been found in Windows Notepad. The security expert who found the vulnerability showed a screenshot on Twitter indicating that, by using this vulnerability, a potential attacker can launch programs or commands from Notepad. Using a small trick, the attacker can bring up the command line, or cmd.exe, which in turn can be used to gain access to your PC. The vulnerability seems to affect Windows 10 and also earlier versions of Windows. The security researcher will release the proof-of-concept code three months later as this is the standard that all security researchers abide by.
Microsoft is aware of this newly found vulnerability in Windows Notepad and is supposed to release a fix or patch very soon, perhaps next month. In the meantime, you should avoid using Windows Notepad and use an alternative like Notepad++, which is the best plain text and code editor program available.
Notepad++ also makes it very easy to replace Windows Notepad. It can be done in two ways: by making changes to the registry manually, or through the options available in Notepad++ itself. The first method involves launching an elevated command prompt and running commands that add some values to the registry. You can see the details of this method at: how to replace Windows Notepad with Notepad++.
In the second method, you open the Notepad++ settings and add the TXT and LOG extensions to be handled by Notepad++. This works fine, but you have to take more steps to ensure that Windows starts to use Notepad++ as the default application for handling TXT and LOG files. You can read more about this method at: Replacing Notepad with Notepad++ in Windows 10.