Hacker News

Windows Notepad App Fa'asinoala Mamao Fa'atinoina Fa'aletonu

Windows Notepad App Fa'asinoala Mamao Fa'atinoina Fa'aletonu O lenei au'ili'iliga fa'apitoa o fa'amalama o lo'o tu'uina atu ai su'esu'ega au'ili'ili o ona vaega autu ma fa'auiga lautele. Vaega Autu e Taulai Atu O le talanoaga e fa'atatau i: Faiga autu...

11 min read Via www.cve.org

Mewayz Team

Editorial Team

Hacker News

Ua fa'ailoaina se fa'aletonu mata'utia a le Windows Notepad App Remote Code Execution (RCE), e mafai ai e tagata osofa'i ona fa'atino tulafono fa'atonu i faiga ua a'afia e ala i le fa'a'ole'ole o tagata fa'aoga e tatala se faila fa'apitoa. O le malamalama pe fa'afefea ona galue lenei fa'aletonu - ma le auala e puipuia ai au atina'e pisinisi - e mana'omia mo so'o se fa'alapotopotoga o lo'o fa'agaoioia i le fa'alavelave fa'amata'u i aso nei.

O le a tonu le fa'aletonu ole Windows Notepad Remote Code Execution Vulnerability?

Windows Notepad, ua leva ona manatu ose fa'atonu tusitusiga e leai se afaina, fa'apipi'i fa'atasi ma fa'aliliuga uma o Microsoft Windows, ua leva ona manatu fa'asolopito e faigofie tele e teu ai ni fa'aletonu matuia. O lena manatu ua faamaonia e matua le sa'o. O le fa'aletonu ole Windows Notepad App Remote Code Execution e fa'aogaina vaivaiga i le fa'avasegaina e le Notepad o nisi o faila faila ma fa'atautaia le vaevaega o mea e manatua i le taimi o le fa'aliliuina o fa'amatalaga.

I lona autu, o lenei vasega o fa'aletonu e masani lava ona aofia ai sefa'amama pa'u po'o le fa'aletonu o mafaufauga fa'aletonufa'aosoina pe a fa'agasolo e le Notepad se faila leaga fa'atulagaina. Pe a tatalaina e se tagata faʻaoga le pepa faʻapipiʻi - e masani ona faʻaalia e pei o se .txt e le afaina poʻo se faila ogalaau - o le shellcode a le tagata osofaʻi e faʻatino i le tulaga o le vasega o loʻo iai nei. Talu ai o le Notepad e fa'agasolo fa'atasi ma fa'atagaga a le tagata e fa'aoga i totonu, e mafai e le tagata osofa'i ona maua le fa'atonuga atoatoa o aia tatau avanoa a lena teugatupe, e aofia ai le faitau/tusi le avanoa i faila ma'ale'ale ma punaoa feso'otaiga.

Microsoft ua fa'atalanoaina le tele o fautuaga mo le saogalemu e feso'ota'i ma Notepad i tausaga talu ai e ala i ana ta'amilosaga o le Patch Tuesday, fa'atasi ai ma fa'aletonu o lo'o fa'avasegaina i lalo o CVEs e a'afia ai Windows 10, Windows 11, ma Windows Server editions. O lo'o tumau pea le faiga: fa'aletonu le fa'avasegaina o manatu fa'atupu fa'alavelave fa'aogaina e fa'aalo ai puipuiga masani e manatua.

E fa'afefea ona galue le Attack Vector i Fa'aaliga Moni i le Lalolagi?

O le malamalama i le filifili osofa'i e fesoasoani i fa'alapotopotoga e fausia ni puipuiga sili atu ona lelei. O se fa'ata'ita'iga masani fa'aoga e mulimulita'i i se fa'asologa fa'apitoa:

  • Auina atu: O lo'o faia e le tagata osofa'i se faila leaga ma tufatufa atu e ala i imeli phishing, feso'ota'iga leaga e la'u mai ai, feso'ota'iga feso'ota'iga fefa'asoaa'i, po'o auaunaga fa'aputu i le ao ua fa'aletonu.
  • Fa'ailo fa'atupu: O le tagata manua e kiliki fa'alua le faila, lea e matala ile Notepad ona o le fa'aogaina o faila faila a le Windows mo .txt, .log, ma fa'aopoopoga fa'atatau.
  • Fa'aoga o mea e manatua: O le afi a le Notepad e fa'asalaina ai fa'amatalaga fa'aletonu, ma mafua ai le fa'aputu po'o le fa'aputu o lo'o fa'asolo ai fa'ailoga taua e manatua ai fa'atauga e pulea e tagata osofa'i.
  • Shellcode execution: Pulea le tafe e toe fa'asaga i le uta fa'apipi'i, lea e ono la'u mai ai nisi malware, fa'atupu le fa'aauau, aveese fa'amaumauga, pe fa'agasolo i tua i luga ole feso'otaiga.
  • Fa'ateleina avanoa (filifiliga): Afai e tu'ufa'atasia ma se fa'asili lona lua fa'alotoifale fa'ateleina fa'amanuiaga, e mafai e le tagata osofa'i ona si'i a'e mai se vasega masani a tagata fa'aoga i le SYSTEM-level access.

O le a le mea e sili ona mataʻutia o le tuʻuina atu e tagata faʻalagolago i le Notepad. E le pei o faila e mafai ona fa'atinoina, e seasea su'esu'eina e tagata faigaluega e fa'amanino le saogalemu o fa'amaumauga, ma fa'afaigofie ai le tu'uina atu o faila fa'aagafesootai.

Malamalamaaga Autu: O faʻafitauli sili ona mataʻutia e le o taimi uma e maua ai i faʻamatalaga lavelave, faʻasaga i luga ole initaneti - e masani ona latou nonofo i meafaigaluega faʻalagolago i aso uma e leʻi manatu faʻalapotopotoga o se faʻamataʻu. O le Windows Notepad o se fa'ata'ita'iga tusi a'oa'oga i le fa'atupuina o avanoa fa'aonaponei ona o manatu fa'aletuaga e uiga i le "saogalemu" software.

O a Tulaga Fa'atusatusaga i Si'osi'omaga Eseese Pupuni?

O le ogaoga o lenei fa'afitauli e fesuisuia'i e fa'atatau i le si'osi'omaga o le Windows, fa'avasegaga fa'apitoa mo tagata fa'aoga, ma le fa'atonuga o le fa'atonutonuina o patch. Si'osi'omaga atina'e o lo'o fa'agaoioia Windows 11 fa'atasi ai ma fa'afouga fa'aputu'e fou ma Microsoft Defender ua fa'atulagaina i le poloka poloka e fa'aitiitiina le fa'aalia pe a fa'atusatusa i fa'alapotopotoga tuai, e le'i fa'apipi'iina Windows 10 po'o Windows Server instance.

💡 DID YOU KNOW?

Mewayz replaces 8+ business tools in one platform

CRM · Invoicing · HR · Projects · Booking · eCommerce · POS · Analytics. Free forever plan available.

Start Free →

O luga o le Windows 11, na toe fausia e Microsoft le Notepad fa'atasi ai ma le afifiina o talosaga fa'aonaponei, o lo'o fa'agaioia e pei o se pusa oneone a Microsoft Store fa'atasi ai ma le AppContainer tu'u'ese'ese i nisi fa'atonuga. O lenei suiga faufale e maua ai le fa'aitiitiga anoa - tusa lava pe ausia RCE, o le tulaga o le osofa'i e taofiofia e le tuaoi o le AppContainer. Ae ui i lea, o lenei sandboxing e le o fa'aogaina lautele i mea uma Windows 11 fetuutuunaiga, ma Windows 10 siosiomaga e le maua se puipuiga faapena ona o le faaletonu.

O fa'alapotopotoga ua fa'aletonu Windows Updates otometi - ose fa'ate'ia masani fa'aopoopo i si'osi'omaga o lo'o fa'agaioia polokalama fa'agasolo - e tumau pea ona fa'aalia i se taimi umi talu ona fa'amatu'u mai e Microsoft patch. E fa'ateleina le fa'alavelave i totonu o si'osi'omaga e masani ona fa'agaioi ai tagata fa'aoga fa'atasi ai ma fa'amanuiaga fa'apitonu'u, o se fa'atulagaga e soli ai le fa'avae o le fa'atauva'a fa'atauva'a ae fa'aauau pea i pisinisi laiti ma feololo.

O a La'asaga Fa'anatinati e Tatau Ona Fai e Pisinisi e Fa'aitiitia ai Lenei Fa'afitauli?

O le fa'amama lelei e mana'omia ai se faiga fa'avasega e fa'afetauia uma le fa'alavelave fa'afuase'i fa'apea fo'i va'a fa'avae o le puipuiga e mafai ai ona fa'aogaina:

  1. Fa'aoga vave patch: Fa'amautinoa o lo'o i ai fa'afouga saogalemu fa'aopoopo fa'aopoopo uma fa'apipi'i. Fa'amuamua pito i'uga o lo'o fa'aogaina e tagata faigaluega o lo'o fa'atautaia feso'ota'iga i fafo ma faila.
  2. Su'e su'esu'e fa'atasi o faila: Toe iloilo ma fa'atapula'a po'o fea tusi talosaga e fa'atutuina e fai ma fa'agaoioiga fa'aletonu mo faila .txt ma le .log i totonu o le atina'e, ae maise i fa'ai'uga maualuga.
  3. Fa'amalo fa'atauva'a: Ave'ese aia tatau fa'apitonu'u mai fa'amatalaga masani a tagata fa'aoga. E tusa lava pe maua le RCE, fa'atapula'aina avanoa fa'aoga e matua fa'aitiitia ai le a'afiaga o le au osofa'i.
  4. Fa'atu le su'esu'ega pito i'u: Fa'atulaga fofo o le su'esu'eina ma le tali (EDR) e mata'itū ai amioga fa'agasolo a le Notepad, fa'ailogaina o le fa'agasologa o faiga a tamaiti po'o feso'ota'iga feso'ota'iga.
  5. A'oa'oga fa'alauiloa mo tagata fa'aoga: Fa'aa'oa'o tagata faigaluega e o'o lava i faila fa'amatalaga manino e mafai ona fa'aaupegaina, fa'amalosia ai se masalosaloga lelei i faila e le'i talosagaina e tusa lava po'o le a le fa'aopoopoga.

E Fa'afefea ona Fesoasoani Fa'aonaponei Pisinisi Fa'aonaponei e Fa'aiti'itia Lau Aofa'iga Aotelega?

O fa'aletonu e pei o le Windows Notepad RCE o lo'o fa'amamafaina ai se mea moni loloto: vaevaega, mea faigaluega fa'aleaganu'u e fa'atupuina fa'alavelave saogalemu. So'o se fa'aoga fa'aopoopo i luga o le komepiuta o lo'o fa'aogaina i luga o fale faigaluega a tagata faigaluega o se ve'a fa'aletonu. O fa'alapotopotoga o lo'o tu'ufa'atasia galuega fa'apisinisi i luga o fa'aonaponei fa'aonaponei fa'aonaponei e fa'aitiitia ai lo latou fa'alagolago i polokalame fa'apipi'i fa'apitonu'u a le Windows — ma fa'aitiitiga fa'aiti'itia a latou osofa'iga i le faagasologa.

Faiga e pei o Mewayz, ose faiga fa'apisinisi e 207-module e fa'atuatuaina e le silia ma le 138,000 tagata fa'aoga, e mafai ai e 'au ona fa'atautaia le CRM, galuega fa'atino, fa'agaioiga e-pisinisi, fa'asologa o mea e fa'atatau i feso'ota'iga atoa, ma feso'ota'iga saogalemu a tagata fa'atau. Pe a ola galuega autu pisinisi i totonu o le ao maaa nai lo mea fa'apipi'i fa'apitonu'u a Windows, o le fa'alavelave fa'aletonu e pei o le Notepad RCE e matua fa'aitiitia mo galuega i lea aso ma lea aso.

Fesili e Fai soo

O fa'aletonu pea le Windows Notepad pe afai ua fa'aaga e le Windows Defender?

E maua ai e le Windows Defender se puipuiga 'anoa mai saini fa'aoga masani, ae e le o se mea e suitulaga i le fa'apipi'i. Afai ole a'afia ole a'afia ole aso ole po'o le fa'aogaina ole shellcode e le'i iloa e saini a Defender, na'o le puipuiga ole pito e le mafai ona poloka le fa'aogaina. Fa'amua i taimi uma le fa'aogaina o patches saogalemu a Microsoft e fai ma fa'ama'i fa'amuamua, fa'atasi ai ma le Defender o lo'o avea o se vaega puipui lagolago.

E a'afia ai ituaiga uma o Windows i lenei fa'aletonu?

O le fa'aaliga fa'apitoa e fesuisuia'i ile fa'asologa o le Windows ma le tulaga fa'apipi'i. Windows 10 ma Windows Server si'osi'omaga e aunoa ma ni fa'afouga fa'aopoopo lata mai o lo'o i ai i se tulaga maualuga atu. Windows 11 faʻatasi ma le AppContainer-isolated Notepad o loʻo i ai ni faʻataʻitaʻiga faʻataʻitaʻiga, e ui lava e le o faʻaogaina i le lautele. O mea fa'apipi'i a le Server Core e le'o aofia ai le Notepad i la latou fa'aoga fa'aletonu ua fa'aitiitia ai le fa'aalia. Siaki i taimi uma le Microsoft's Security Update Guide mo le fa'aogaina o le CVE fa'apitoa.

E fa'afefea ona ou iloa pe ua uma ona fa'aletonu la'u polokalama ona o lenei fa'aletonu?

Fa'ailoga o le fetuutuuna'i e aofia ai faiga fa'afuase'i a tamaiti fa'atupuina e notepad.exe, feso'ota'iga feso'ota'iga e le masani ai i fafo mai le fa'agaioiga a le Notepad, galuega fou fa'atulagaina po'o ki e fa'agasolo ai le resitara na faia i le taimi na tatala ai se faila masalomia, ma fa'agaoioiga fa'amatalaga fa'amatalaga a tagata fa'aoga i le mae'a ai o se fa'aaliga tatala pepa. Toe iloilo Windows Event Logs, aemaise lava Security and Application logs, ma fa'afeso'ota'i ma EDR telemetry pe a maua.

O le tumau i luma o fa'aletonu e mana'omia uma le mataala ma le sa'o o galuega fa'atino. Mewayz e tu'uina atu i lau pisinisi se tulaga saogalemu, fa'aonaponei fa'aonaponei e fa'amautu fa'agaioiga ma fa'aitiitia le fa'alagolago i meafaigaluega fa'akomepiuta tuai — e amata i le na'o le $19/masina. Su'esu'e Mewayz i le app.mewayz.comma va'ai pe fa'afefea ona fa'aoga lelei le 138 pisinisi, faufale i aso nei.

Try Mewayz Free

All-in-one platform for CRM, invoicing, projects, HR & more. No credit card required.

Start Free Try Demo

Start managing your business smarter today

Join 30,000+ businesses. Free forever plan · No credit card required.

Start Free → Watch Demo
Found this useful? Share it.
X / Twitter LinkedIn Facebook WhatsApp

Ready to put this into practice?

Join 30,000+ businesses using Mewayz. Free forever plan — no credit card required.

Start Free Trial →

Related articles

Hacker News

Rob Pike's 5 Rules of Programming

Mar 18, 2026

Hacker News

ASCII and Unicode quotation marks (2007)

Mar 16, 2026

Hacker News

Federal Right to Privacy Act – Draft legislation

Mar 16, 2026

Hacker News

How I write software with LLMs

Mar 16, 2026

Hacker News

Quillx is an open standard for disclosing AI involvement in software projects

Mar 16, 2026

Hacker News

What is agentic engineering?

Mar 16, 2026

Ready to take action?

Start your free Mewayz trial today

All-in-one business platform. No credit card required.

Start Free →

14-day free trial · No credit card · Cancel anytime