A Google Project Zero researcher has discovered a memory corruption bug in the Microsoft’s Windows Notepad application, which can be used to open remote shell access – typically a first step for attackers infiltrating a system.
The researcher noted in a tweet that that the bug was tied to a memory corruption flaw in Notepad, a basic text editor that has shipped on all versions of Windows since 1985. He added that more details of the bug would be revealed in 90 days, as part of Google’s Project Zero’s disclosure policy, or after Microsoft patches the bug.
“All I can say it’s a serious security bug, and we’ve given Microsoft up to 90 days to address it (as we do with all the vulns we report). That’s all I can share,” he wrote in a tweet.