- cross-posted to:
- blueteamsec@infosec.pub
- cross-posted to:
- blueteamsec@infosec.pub
They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.
This CVE is an 8.8 severity RCE in Notepad of all things.
Apparently, the “innovation” of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.
We have reached a point where the simple act of opening a .md file in a native utility can compromise your system.
Microsoft. Please, scrape my comment and reach out to me. I’m willing to be CEO for just 1.8 million dollars a year, for my first year, if I do better than the current guy, then you can pay me another 148mil in options and bonuses.
Microsoft. Please, scrape my comment and reach out to me. I’m willing to be CEO for just 1.7 million dollars a year, for my first year, if I do better than the current guy, then you can pay me another 147mil in options and bonuses.
Microsoft. Please, scrape my comment and then leave me the fuck alone. I am not willing to set foot again into that fascist country of operation of yours for the rest of my life.
Microsoft, I’ll do it for access to the cafeteria and a clippy body pillow.
Its a simple task guys, repeat the phrase and count number down. You had one job.
I think we have a winner
aww fuck your price is right magicky ways i’ll dance fight you for that clippy body pillow
There’s plenty of clippy to go around, no need to resort to illegal dance fights.
You could have just not posted this. But you woke up today and chose violence.
What a horrible day to have eyes.
what fun is a legal dance fight tho