Extra features for Windows 11 Notepad go beyond worries about bloat, as new security flaw shows

A remote code execution vulnerability in Notepad is leveraged via the app's recently introduced formatting abilities for making tables.

TL;DR: Windows 11's Notepad app has a security flaw rated as a 'high' severity vulnerability, one that allows for remote code execution. The good news is that it's already been patched by Microsoft, so update your Notepad app now.

Windows 11's Notepad app is slowly becoming WordPad, after Microsoft ditched the latter, and made up for that (in a fashion) by adding quite a few extra features to the former - but one introduction has ushered in a security vulnerability.

Update your Notepad app now (Image Credit: Microsoft)

This highlights that the concern here is not just Notepad becoming 'Bloatpad'. These new features may bog down the app, making it less responsive over time with the incremental weight of said additions, but they can also put the user at risk.

PC Gamer reports that the new tables feature brought in for Notepad recently - allowing for formatting basic tables in your text docs - has a remote code execution flaw.

Microsoft rates the vulnerability as 'high' in terms of its severity, explaining that: "Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network." The upshot is that if a Notepad user opens a Markdown file downloaded from the malicious actor, and clicks the dodgy link said attacker has placed inside, then the PC will be compromised. The attacker will get the same level of system privileges as the victim, meaning if this is the admin account, they'll obtain full admin access.

Obviously that's very bad news, but still - the attack does rely on downloading a file from an unknown site, and then actually clicking the link (with the host PC being online, of course). And we all know to be very careful with any remotely suspect looking links at this point...

Still, this is clearly something to be aware of if you use Notepad, but the good news is that the fix has been implemented. You'll need to update your copy of the app to the latest version via the Microsoft Store to get the cure, so if you've got a spare moment, it might be worth doing that now.
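Alongside updating, Markdown files from untrusted sources can be triaged before anyone opens them. The following is an added example, not code from Microsoft or from this article: it lists link targets that fall outside an allowlist. The article does not say what kind of link triggers the flaw, so the http/https-only policy, the function name and the sample file are all assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumed policy (not from the article): only web links are expected in
# Markdown that arrives from outside the organisation.
ALLOWED_SCHEMES = {"http", "https"}

PATTERNS = (
    re.compile(r"\[[^\]]*\]\(\s*<?([^)\s>]+)"),                      # [text](target)
    re.compile(r"^ {0,3}\[[^\]]+\]:\s*<?(\S+?)>?(?:\s.*)?$", re.M),  # [ref]: target
    re.compile(r"<([A-Za-z][A-Za-z0-9+.-]{1,31}:[^<>\s]*)>"),        # <scheme:target>
)

def audit_markdown(text):
    """Return sorted (line, target, reason) for links outside the allowlist."""
    findings = set()
    for pattern in PATTERNS:
        for m in pattern.finditer(text):
            target = m.group(1)
            line = text.count("\n", 0, m.start(1)) + 1
            if target.startswith("#"):  # in-document anchor, nothing is launched
                continue
            try:
                scheme = urlsplit(target).scheme  # urlsplit lower-cases the scheme
            except ValueError:  # e.g. a malformed bracketed host
                findings.add((line, target, "unparseable target"))
                continue
            if scheme not in ALLOWED_SCHEMES:
                reason = f"scheme '{scheme}'" if scheme else "no scheme (local or UNC path)"
                findings.add((line, target, reason))
    return sorted(findings)

# Constructed sample; every name and path in it is a placeholder.
SAMPLE = r"""# Release notes (constructed sample)
See the [changelog](https://example.com/changelog) and [install guide](#install).
Open the [local copy](file:///C:/Users/Public/placeholder.txt).
Launch via [helper](exampleapp://open?doc=1) or <exampleapp://autolink>.
[ref]: \\fileserver.example\share\doc.md "UNC path"
"""

if __name__ == "__main__":
    for line, target, reason in audit_markdown(SAMPLE):
        print(f"line {line}: {target} -> {reason}")
```

The patterns cover inline links, reference definitions and autolinks but are not a full Markdown parser, so a clean result is a triage signal and not a guarantee.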


Tech Reporter


Darren has written for numerous magazines and websites in the technology world for almost 30 years, including TechRadar, PC Gamer, Eurogamer, Computeractive, and many more. He worked on his first magazine (PC Home) long before Google and most of the rest of the web existed. In his spare time, he can be found gaming, going to the gym, and writing books (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).
