Windows PCs Can Be Hacked Using Notepad

You’d think that Notepad, the basic software that it is, is among the most innocuous among Windows’ most popular apps. And yet this simple program can be used to take complete control of a Windows PC.


To be fair, Notepad itself isn’t the problem as far as security is concerned. According to Tavis Ormandy, a security researcher from Google Project Zero, the issue lies with a component in Windows’ Text Services Framework, which manages keyboard layouts and text input. Specifically, the component known as CTextFramework (CTF), which dates back all the way to the days of Windows XP.

Ormandy says that CTF is full of flaws which can be exploited through applications that rely on it to display text on screen. As such, Ormandy demonstrated the process of doing so with the humble Notepad, gaining System-level privileges. Granted, this kind of hacking requires the hacker to have physical access to your Windows PC.

According to Ormandy, there are plenty of legacy bugs like this one that go unnoticed for years. For what it’s worth, this particular flaw is officially designated CVE-2019-1162, and has since been patched by Microsoft.

(Source: The Register, Microsoft)








RELATED: Lenovo To Ship Out IdeaPad Notebooks and AIO PC Pre-Installed with Microsoft Office

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.