Technology

Microsoft confirms 8.8-rated security issue in Windows 11 Notepad due to modernization efforts, Patch Tuesday fix rolling out

Source

Windows Latest

Published

Feb 11, 2026

TL;DR

AI Generated

Microsoft has confirmed a critical Remote Code Execution vulnerability in the modern Notepad app on Windows 11, impacting its Markdown rendering and clickable links. The flaw, rated 8.8, could allow remote attackers to execute code on a PC if a user interacts with a specially crafted Markdown file. The issue arises from improper handling of special elements in commands, enabling the execution of remote content. Fortunately, Microsoft is rolling out a fix as part of the February 2026 Patch Tuesday update. While there have been no observed exploits, users are urged to remain cautious, as the vulnerability requires only user interaction to trigger.

Read Full Article

Windows 11 KB5083631 out with Xbox mode, faster performance (direct download links .msu)

Windows 11 KB5083631 introduces Xbox mode for regular PCs, a more reliable File Explorer, faster startup apps, and more. This optional update can be downloaded via Windows Update or through direct download links provided by Microsoft. The update includes early features from Microsoft's Windows K2 project aimed at enhancing Windows 11. Xbox mode brings a console-like gaming experience to Windows 11, optimized for controllers. Additionally, File Explorer improvements ensure consistent folder views across applications.

Windows Latest•

18 hours ago

The most severe Linux threat to surface in years catches the world flat-footed

A critical Linux vulnerability, named CopyFail (CVE-2026-31431), has been disclosed by security researchers, allowing unprivileged users to gain root access across various Linux distributions. The exploit code, released by Theori, works universally without modification, posing a significant threat to data centers and personal devices. While the Linux kernel security team patched the vulnerability in several versions, many distributions had not yet implemented the fixes at the time of the exploit's release. This flaw enables attackers to execute malicious activities like hacking multi-tenant systems and creating backdoors, emphasizing the severity of the issue.

Ars Technica•

22 hours ago

Open source package with 1 million monthly downloads stole user credentials

A widely used open source package with 1 million monthly downloads was compromised by threat actors exploiting a vulnerability in the developers’ account workflow, granting access to sensitive information. The malicious package, element-data 0.23.3, was distributed to users, collecting user credentials, API tokens, and more. Users who installed this version are advised to consider their credentials compromised. The attackers gained access through a GitHub action, allowing them to publish the malicious package. The developers swiftly removed the package, rotated credentials, and fixed the vulnerability.

Ars Technica•

3 days ago

Microsoft drops Copilot branding in Notepad for Windows 11 for everyone, but it’s really just a rename

Microsoft has removed the Copilot branding from Notepad in Windows 11, renaming it to 'Writing Tools' as part of reducing unnecessary Copilot entry points. Despite the name change, AI integration remains in Notepad, with features like text rewriting and summarization still available. Microsoft is continuing to incorporate AI in Windows 11, with plans to add agents to the taskbar as an optional feature. Meanwhile, the Snipping Tool in Windows 11 has completely dropped AI integration, offering a different approach compared to Notepad.