Windows Notepad App Yɔrɔjan kode waleyali gɛlɛya

Windows Notepad App Remote Code Execution (RCE) ka bɔnɛba dɔ jirala, min b’a to binkannikɛlaw bɛ se ka kodɔn u yɛrɛ sago kɛ sistɛmuw kan minnu tɔɔrɔla, u kɛtɔ ka baarakɛlaw lafili dɔrɔn walasa u ka dosiye kɛrɛnkɛrɛnnen dɔ da wuli. O gɛlɛya in bɛ baara kɛ cogo min na, o faamuyali — ani i ka jagokɛyɔrɔw lakanani cogo — o nafa ka bon jɛkulu o jɛkulu ma min bɛ baara kɛ bi bagabagali siratigɛ la.

Windows Notepad yɔrɔjan kode waleyali gɛlɛya ye mun ye tigitigi ?

Windows Notepad, n’a jatera kabini tuma jan, a jatera sɛbɛnnikɛlan ye min tɛ kojugu kɛ, a kolo jɛlenw, n’a bɛ fara Microsoft Windows bɔko bɛɛ kan, tariku kɔnɔ, a jatera ko a nɔgɔn kojugu fo a tɛ se ka lakanabaliya juguw mara. O hakilina in y’a jira ko farati tɛ a la. Windows Notepad App Remote Code Execution ka gɛlɛya bɛ barikantanya nafa sɔrɔ Notepad bɛ dosiye suguya dɔw lajɛ cogo min na ani ka hakilijagabɔ tila-tilacogo ɲɛnabɔ sɛbɛnni kɔnɔkow jirali waati.

A kɔnɔ, nin danfara suguya in bɛ tali kɛ buffer overflow walima memory corruption flaw dɔ la min bɛ daminɛ ni Notepad ye dosiye dɔ baara min labɛnna ni juguya ye. Ni baarakɛla dɔ ye sɛbɛn dilannen da wuli — a ka c’a la, a bɛ kɛ i n’a fɔ .txt walima log file min tɛ kojugu ye — binkannikɛla ka shellcode bɛ baara kɛ baarakɛla sisan ka sigida kɔnɔ. Ikomi Notepad bɛ baara kɛ ni baarakɛla min donna a kɔnɔ, o ka yamaruyaw ye, binkannikɛla bɛ se ka se ka o jatebɔsɛbɛn ka donko hakɛw bɛɛ kunbɛn, ka fara kalan/sɛbɛnni sɔrɔli kan dosiye kɔrɔw ni ɛntɛrinɛti nafolo kan.

Microsoft ye lakana ladilikan caman ɲɛnabɔ minnu ɲɛsinnen bɛ Notepad ma san laban ninnu na a ka Patch Tuesday cycles fɛ, ni gɛlɛyaw ye minnu sɛbɛnnen bɛ CVEw kɔnɔ minnu bɛ nɔ bila Windows 10, Windows 11 ani Windows Server bɔko la. Fɛɛrɛ in bɛ kɛ cogo kelen na : parsing logic failures bɛ cogoyaw lawuli minnu bɛ se ka nafa sɔrɔ minnu bɛ tɛmɛ hakilijagabɔ lakanani sariyalenw fɛ.

Binnkanni vektɔri bɛ baara kɛ cogo di diɲɛ kɔnɔko lakikaw la ?

Binnkanni cakɛda faamuyali bɛ jɛkuluw dɛmɛ ka lafasali kɛcogo ɲumanw jɔ . Nafabɔcogo danma dɔ bɛ tugu ɲɔgɔn kɔ min bɛ se ka fɔ ka ɲɛ:

• Lase : Binkannikɛla bɛ dosiye jugu dɔ dila k’a tila-tila ni i ye imeyi jugu fɛ, telesarse ladɛrɛsi juguw fɛ, ɛntɛrinɛti drive jɛlenw fɛ, walima sankaba mara baarakɛminɛnw fɛ minnu bɛ tiɲɛ.
• Waleya daminɛ : Jatigɛwalekɛla bɛ dosiye digi siɲɛ fila, o bɛ da wuli Notepad kɔnɔ ka da Windows dosiye jɛkulu sigicogo kan .txt, .log, ani a ɲɔgɔnnaw kan.
• Hakilila nafabɔli : Notepad ka parsing engine bɛ kunnafonidilanw sɔrɔ minnu ma labɛn ka ɲɛ , o bɛ kɛ sababu ye ka heap walima stack overflow kɛ min bɛ hakilijagabɔlan kɔrɔlenw sɛbɛn ni binkannikɛlaw ka nafaw ye .
• Shellcode waleyali : Kunnafoni-falen-falen bɛ ɲɛsin nafamafɛnw ma minnu bɛ don a kɔnɔ, o bɛ se ka porogaramu jugu wɛrɛw telesarse, ka persistence sigi sen kan, ka kunnafoniw bɔ kɛnɛ kan, walima ka taa kɛrɛfɛ rezow kɔnɔ.
• Nafaw jiginni (a bɛ se ka kɛ): Ni a farala ɲɔgɔn kan ni sigida danbe jiginni nafamafɛn filanan ye, binkannikɛla bɛ se ka wuli ka bɔ baarakɛla ka sigiyɔrɔma jɔnjɔn na ka taa SYSTEM-dakun sɔrɔli la.

Min bɛ nin kɛ faratiba ye kɛrɛnkɛrɛnnenya la, o ye dannaya jɛlen ye baarakɛlaw bɛ min bila Notepad kɔnɔ. A tɛ i n’a fɔ dosiyew minnu bɛ se ka kɛ, sɛbɛn gansanw man teli ka sɛgɛsɛgɛ baarakɛlaw fɛ minnu bɛ lakana dɔn, o b’a to dosiyew dicogo min bɛ kɛ ni sigida ye, o bɛ nɔ bɔ kosɛbɛ.

ye

Hakilila kunbaba : Faratiba minnu ka bon kosɛbɛ, olu tɛ sɔrɔ tuma bɛɛ baarakɛminɛn gɛlɛnw na, minnu ɲɛsinnen bɛ ɛntɛrinɛti ma — a ka c’a la, u bɛ sigi baarakɛminɛn dannamɔgɔlenw kɔnɔ, don o don baarakɛminɛnw na, jɛkuluw ma deli ka minnu jate bagabagali yɔrɔ ye. Windows Notepad ye kalan gafe misali ye min b’a jira cogo min na hakilina kɔrɔw bɛ porogaramu "safe" kan, olu bɛ bi binkanni siraw da.

Fara minnu bɛ se ka suma ɲɔgɔn ma, olu ye mun ye Windows sigida danfaralenw na ?

O gɛlɛya in juguya bɛ danfara ka kɛɲɛ ni Windows sigida ye, baarakɛla ka nɛɛma labɛncogo, ani patɔrɔnw ɲɛnabɔli jɔcogo. Baarakɛda sigida minnu bɛ Windows 11 baara ni fɛnkurabɔlenw dalajɛlen labanw ye ani Microsoft Defender min labɛnna bloki cogo la, olu bɛ dɔ bɔ kosɛbɛ fɛnw jirali la ni i y’a suma ni jɛkuluw ye minnu bɛ Windows 10 walima Windows Server misali kɔrɔw, minnu ma labɛn.

Windows 11 kan, Microsoft ye Notepad jɔ kokura ni bi baarakɛminɛnw pakew ye, k’a baara i n’a fɔ Microsoft Store baarakɛminɛn sandboxed ni AppContainer isolation ye cogoya dɔw la. Nin fɛn dilanni fɛn caman Changement in bɛ nɔgɔya nafama di — hali ni RCE sɔrɔla, binkannikɛla senna-tɛgɛrɛ bɛ bali AppContainer dancɛ fɛ. Nka, o sandboxing in tɛ kɛ diɲɛ bɛɛ kɔnɔ Windows 11 labɛncogo bɛɛ la, wa Windows 10 sigidaw tɛ o lakanani sugu sɔrɔ u daminɛ na.

Jɛkulu minnu ye Windows Updates otomatikiw bali — o ye labɛn ye min bɛ kɛ cogo kabakoma na sigidaw la minnu bɛ porogaramu kɔrɔw baara — olu bɛ to kɛnɛ kan kabini waati jan Microsoft ye patch bɔlen kɔfɛ. Farati bɛ caya sigidaw la, baarakɛlaw bɛ baara kɛ tuma bɛɛ ni sigida ɲɛmɔgɔw ka nɛɛma ye, o ye cogoya ye min bɛ danbe dɔgɔya sariya tiɲɛ nka a bɛ to senna kosɛbɛ jagokɛyɔrɔ fitininw ni cɛmancɛw la.

Jagokɛlaw ka kan ka fɛɛrɛ jumɛnw tigɛ teliya la walasa ka nin gɛlɛya in nɔgɔya ?

Dɔgɔyali ɲuman bɛ taabolo layɛrɛ dɔ de wajibiya min bɛ teliya ka dɛsɛ ni lakana jɔcogo cɛmancɛw bɛɛ ɲɛnabɔ minnu bɛ nafabɔ kɛ :

1. Patchw kɛ joona : Aw ye aw jija Windows sitɛmu bɛɛ ka lakana kuramanw lajɛlenw sigilen don . Baarakɛlaw bɛ baara kɛ ni labanyɔrɔw ye minnu bɛ kɛnɛyako ni dosiyew ɲɛnabɔ.
2. Sɛgɛsɛgɛli dosiye jɛkulu sigicogo : Baarakɛminɛn minnu sigilen don i n’a fɔ .txt ani .log dosiyew ɲɛnabɔbaga kɔrɔw, olu lajɛ ani k’u dantigɛ baarakɛyɔrɔ bɛɛ kɔnɔ, kɛrɛnkɛrɛnnenya la labanyɔrɔw la minnu nafa ka bon.
3. Anforce least privilege : sigida ɲɛmɔgɔw ka josariyaw bɔ baarakɛlaw ka jatew jɔnjɔnw na . Hali ni RCE sɔrɔla, baarakɛlaw ka danmadɔw bɛ dɔ bɔ kosɛbɛ binkannikɛlaw ka nɔ bilali la.
4. Ka labanko dɔnni kɔrɔlenw bila sen kan : Ka labanko dɔnni ni jaabi (EDR) ɲɛnabɔcogo labɛn walasa ka Notepad ka baarakɛcogo kɛcogo kɔlɔsi, ka denmisɛnninw ka baarakɛcogo dabɔli walima ɛntɛrinɛti jɛɲɔgɔnyaw taamasiyɛn minnu tɛ deli ka kɛ.
5. Baarakɛlaw ka lafaamuyali kalan : Ka baarakɛlaw kalan ko hali sɛbɛn gansanw bɛ se ka kɛ marifa ye , ka sigasiga kɛnɛman sabati dosiye ɲininenw kan , janya mana kɛ min o min ye .

Bi jagokɛyɔrɔw bɛ se ka dɛmɛ cogo di ka dɔ bɔ i ka binkanni bɛɛ lajɛlen na ?

Nafa minnu bɛ i n’a fɔ Windows Notepad RCE, olu bɛ tiɲɛ dɔ jira min ka dun : baarakɛminɛnw tilalen don, minnu ye kɔrɔlen ye, olu bɛ lakana farati tilalen don. Tabali baarakɛminɛn wɛrɛ bɛɛ min bɛ baara kɛ baarakɛlaw ka baarakɛyɔrɔw kan, o ye fɛn ye min bɛ se ka kɛ vektɔri ye. Jɛkulu minnu bɛ jago baarakɛcogo sabati bi, sankaba-yɔrɔw kan, olu bɛ dɔ bɔ u jigi da Windows porogaramuw kan minnu sigilen don sigida la — wa u bɛ u ka binkanni yɔrɔ dɔgɔya cogo kɔrɔ la o kɛcogo la.

Platifɔmuw i n'a fɔ Mewayz, jago baarakɛminɛn 207 bɛ min kɔnɔ, baarakɛla 138.000 ni kɔ dalen bɛ min na, o bɛ kɛ sababu ye ka jɛkuluw dɛmɛ u ka CRM, porozɛ baarakɛcogo, ɛntɛrinɛti jago baarakɛcogo, kɔnɔkow pipelines, ani kiliyanw ka kumaɲɔgɔnyaw ɲɛnabɔ pewu a sigida lakananen, min sinsinnen bɛ navigatɔrɔn kan. Ni jagokɛcogo jɔnjɔnw bɛ balo sankaba infɔrɔmasiko gɛlɛnw kɔnɔ sanni ka kɛ Windows porogaramuw ye minnu sigilen don sigida la, farati min bɛ sɔrɔ gɛlɛyaw fɛ i n’a fɔ Notepad RCE, o bɛ dɔgɔya kosɛbɛ don o don baarakɛcogo la.

Ɲininkali minnu bɛ kɛ tuma caman na

Yala Windows Notepad bɛ se ka tiɲɛ hali bi ni Windows Defender bɛ n bolo wa ?

Windows Defender bɛ lakana nafama di ka bɔ exploit signature dɔntaw la, nka a tɛ patching nɔnabila ye. Ni o bɔnɛ ye zeru ye walima ni a bɛ baara kɛ ni shellcode obfuscated ye min ma dɔn fɔlɔ Defender ka bolonɔbilaw fɛ, labanyɔrɔ lakanani dɔrɔn bɛ se ka kɛ a tɛ se ka nafabɔli bali. Tuma bɛɛ ka Microsoft ka lakanani patɔrɔnw waleyali bila jɔyɔrɔ fɔlɔ la i n’a fɔ nɔgɔya fɔlɔ, ni Defender bɛ kɛ lafasalitɔn dafalen ye.

Yala nin gɛlɛya in bɛ nɔ bila Windows bɔko bɛɛ la wa ?

A jiracogo kɛrɛnkɛrɛnnen bɛ danfara ka kɛɲɛ ni Windows version ani patch level ye. Windows 10 ani Windows Server sigida minnu tɛ ni kɔsa in na fɛn kuraw dalajɛlenw ye, faratiba bɛ olu la. Windows 11 ni AppContainer-isolated Notepad bɛ ni fɛn dɔw ye minnu bɛ se ka kɛ fɛn dilanni na, hali n’olu tɛ baara kɛ diɲɛ bɛɛ kɔnɔ. Server Core installations minnu tɛ Notepad don u ka configuration default kɔnɔ, olu ye dɔ bɔ u ka jirali la. Microsoft ka Lakanali Lakanali Gafe lajɛ tuma bɛɛ walasa ka CVE baarakɛcogo kɛrɛnkɛrɛnnen dɔn.

ne bɛ se k' a dɔn cogo di ni n ka sistɛmu tiɲɛna kaban nin gɛlɛya in sababu fɛ ?

Bɛnkansɛbɛnw jiralanw ye denmisɛnninw ka baarakɛcogo makɔnɔnenw ye minnu bɛ bange notepad.exe fɛ, rezow bɔli ɲɔgɔndan minnu tɛ deli ka kɛ ka bɔ Notepad ka baarakɛcogo la, baara bolodalen kura walima sɛbɛnnikɛlan boli kilisi minnu dabɔra dosiye sikɛlen dɔ dabɔ waati lamini na, ani baarakɛlaw ka jatebɔsɛbɛn baara kɛcogo jugu min bɛ tugu sɛbɛn dabɔli ko dɔ kɔ. Windows Event Logs lajɛ, kɛrɛnkɛrɛnnenya la Lakanali ni Application logs, ani ka cross-reference kɛ ni EDR telemetry ye ni o bɛ sɔrɔ.

Ka to ɲɛfɛ ka ɲɛsin dɛsɛw ma , o bɛ kɔlɔsili ni baarakɛcogo ɲuman de wajibiya . Mewayz bɛ sigida lakananen, bi ta di i ka jago ma walasa ka baarakɛcogo sabati ani ka dɔ bɔ a jigi da tabali baarakɛminɛn kɔrɔw kan — k’a daminɛ dɔrɔmɛ 19 dɔrɔn na kalo kɔnɔ. Mewayz sɛgɛsɛgɛ app.mewayz.com kan, k’a lajɛ baarakɛla 138,000+ bɛ cogo min na jagokɛyɔrɔw jɔli minnu lakananen don, minnu bɛ baara kɛ ka ɲɛ bi.