Memory Corruption Zero-Day Bug Found In Windows Notepad App


Security researcher Tavis Ormandy, who is a part of the Google Project Zero team, has already unearthed some serious bugs and threats in the past. This time, he found a new zero-day vulnerability in the Notepad app which affects users of the Windows operating system.

The zero-day exploit can be used to open a Windows CMD window from within the Notepad app. Ormandy explains that this is clearly a  exploit because the attacker can’t correctly click dialogs, which means it’s not a security bug.

“This is a real bug,” he said in multiple tweets as some people believed he was just playing around and right-clicking stuff.

Soon, some started to figure out a name for the exploit. As far as Ormandy is concerned, he is informally calling it “Notebad.”

Microsoft has already been notified about the zero-day exploit bug. No further details have been provided in the tweet, including which Windows versions have been affected. That’s because Google’s Project team has given a 90-day non-disclosure deadline to Microsoft so that the company can work on a security patch.

However, Ormandy said that he has managed to create a remote code execution exploit using the bug. He plans to publish the exploits and the details of the Notepad zero-day bug in a blog post as soon as Microsoft releases a patch for the same or the deadline ends. The bug will also be fully documented on a publically available bug tracker.

Also Read: Cheating In Exams? This AI Program Will Catch You With 90% Accuracy
Aditya Tiwari

Aditya Tiwari

Aditya likes to cover topics related to Microsoft, Windows 10, Apple Watch, and interesting gadgets. But when he is not working, you can find him binge-watching random videos on YouTube (after he has wasted an hour on Netflix trying to find a good show). Reach out at [email protected]
More From Fossbytes

Latest On Fossbytes

Find your dream job