Hacker News

Windows Notepad App Remote Code Execution Vulnerability

Windows Notepad App Remote Code Execution Vulnerability. This comprehensive analysis covers the key points and the broader implications of the issue in depth. Key areas to focus on: the discussion centers on the main mechanisms at work...

12 min read Via www.cve.org

Mewayz Team

Editorial Team


A critical Windows Notepad App Remote Code Execution (RCE) vulnerability has been discovered that allows attackers to execute arbitrary code on affected systems simply by tricking users into opening a specially crafted file. Understanding how this vulnerability works, and how to protect your business systems against it, is essential for any organization operating in today's threat landscape.

What Exactly Is the Windows Notepad Remote Code Execution Vulnerability?

Windows Notepad, long regarded as a harmless barebones text editor bundled with every edition of Microsoft Windows, has historically been considered too simple to harbor serious security flaws. That assumption has proven dangerously wrong. The Windows Notepad App Remote Code Execution vulnerability exploits weaknesses in how Notepad parses certain file formats and handles memory allocation while rendering content.

At its core, this class of vulnerability typically involves a buffer overflow or memory corruption flaw that is triggered when Notepad processes a maliciously crafted file. When a user opens the crafted document, often disguised as a harmless .txt or log file, the attacker's shellcode runs in the context of the current user session. Because Notepad runs with the privileges of the logged-in user, an attacker can gain full control over that account's access, including read/write access to sensitive files and network resources.

Microsoft has issued multiple security advisories related to Notepad over recent years through its Patch Tuesday cycle, documenting vulnerabilities under CVEs affecting Windows 10, Windows 11, and Windows Server editions. The mechanism is consistent: failures in parsing logic create exploitable conditions that bypass standard memory protections.

How Does the Attack Vector Work in Real-World Scenarios?

Understanding the attack chain helps organizations build effective defenses. The commonly exploited path follows a predictable sequence:

  • Delivery: the attacker creates a malicious file and distributes it via phishing email, malicious download links, shared network drives, or compromised cloud storage services.
  • Execution trigger: the victim double-clicks the file, which opens in Notepad by default because of the Windows file association settings for .txt, .log, and related extensions.
  • Memory exploitation: Notepad's parsing engine encounters malformed data, causing a heap or stack overflow that overwrites critical memory pointers with attacker-controlled values.
  • Shellcode execution: control flow is redirected to the embedded payload, which can download additional malware, establish persistence, exfiltrate data, or move laterally across the network.
  • Privilege escalation (optional): combined with a secondary local privilege escalation exploit, the attacker can elevate from a standard user session to SYSTEM-level access.

What makes this particularly dangerous is the implicit trust users place in Notepad. Unlike executable files, plain text documents are rarely scrutinized even by security-conscious employees, which makes well-crafted social engineering deliveries highly effective.


Key Insight: The most dangerous vulnerabilities are not always found in complex, internet-facing applications. They often lurk in trusted, everyday tools that organizations never consider part of their threat surface. Windows Notepad is a textbook example of how legacy assumptions about "safe" software create modern attack opportunities.


What Comparative Risk Exists Across Windows Environments?

The severity of this vulnerability varies by Windows edition, user privilege configuration, and patch management posture. Enterprise environments running Windows 11 with the latest cumulative updates and Microsoft Defender configured in block mode face significantly lower exposure than organizations running legacy, unpatched Windows 10 or Windows Server instances.


On Windows 11, Microsoft rebuilt Notepad with modern application packaging, running it as a sandboxed Microsoft Store application with AppContainer isolation in some configurations. This architectural change provides meaningful mitigation: even if RCE is achieved, AppContainer restrictions limit the attacker's foothold. However, this sandboxing is not universally enforced across all Windows 11 configurations, and Windows 10 environments receive no such protection by default.

Organizations that have disabled automatic Windows Updates, a surprisingly common setup in environments that depend on legacy software, remain exposed long after Microsoft releases patches. The risk multiplies in environments where users routinely operate with local administrator privileges, a configuration that violates least-privilege principles yet remains widespread in small and large businesses alike.

What Immediate Steps Should Organizations Take to Mitigate This Threat?

Effective mitigation requires a layered approach that addresses both the immediate vulnerability and the underlying gaps in security posture that allow exploitation to succeed:

  1. Apply patches immediately: ensure all Windows systems have the latest cumulative security updates installed. Prioritize endpoints used by staff who handle external communications and files.
  2. Review file association settings: consider restricting which applications are set as default handlers for .txt and .log files across the organization, especially on high-value endpoints.
  3. Enforce least privilege: remove local administrator rights from standard user accounts. Even if RCE is achieved, limited user privileges significantly reduce the attacker's impact.
  4. Deploy advanced endpoint detection: configure endpoint detection and response (EDR) solutions to monitor Notepad process behavior, flagging unusual child process creation or network connections.
  5. Train users: educate staff that even simple text files can be weaponized, reinforcing healthy skepticism toward unsolicited files regardless of extension.

How Can Modern Business Platforms Help Reduce Your Overall Attack Surface?

Vulnerabilities like the Windows Notepad RCE highlight a deeper truth: fragmented, legacy tooling creates fragmented security risk. Every additional desktop application running on employee workstations is a potential vector. Organizations that consolidate business operations onto modern, cloud-native platforms reduce their reliance on locally installed Windows applications, and meaningfully shrink their attack surface in the process.

Platforms like Mewayz, an all-in-one business operating system with 207 integrated modules trusted by more than 138,000 users, let teams run CRM, project management, e-commerce operations, content pipelines, and client communication entirely through a secure, browser-based interface. When core work lives in a hardened cloud environment rather than in locally installed Windows applications, the risk posed by vulnerabilities like the Notepad RCE is dramatically reduced for day-to-day operations.

Frequently Asked Questions

Is Windows Notepad still vulnerable if I have Windows Defender enabled?

Windows Defender provides meaningful protection against known exploit signatures, but it is not a substitute for patching. If the vulnerability is a zero-day or uses obfuscated shellcode that Defender's signatures have not yet seen, endpoint protection alone may not prevent exploitation. Always prioritize applying Microsoft security patches as the primary mitigation, with Defender serving as an additional protection layer.

Does this vulnerability affect all Windows versions?

The specific exposure varies by Windows version and patch level. Windows 10 and Windows Server environments without recent cumulative updates are at the greatest risk. Windows 11 with AppContainer-isolated Notepad has some architectural mitigations, although these are not universally enforced. Server Core installations that do not include Notepad in their default configuration have reduced exposure. Always check the Microsoft Security Update Guide for how a given CVE applies to a specific version.

How can I tell if my system has already been compromised through this vulnerability?

Indicators of compromise include unexpected child processes spawned by notepad.exe, unusual network connections originating from Notepad processes, new scheduled tasks or registry Run keys created around the time a suspicious file was opened, and irregular user account activity following document-opening events. Review the Windows Event Logs, particularly the Security and Application logs, and cross-reference them with EDR telemetry where available.

Staying ahead of vulnerabilities requires vigilance and the right operational setup. Mewayz gives your business a secure, modern way to streamline operations and reduce reliance on legacy desktop tools, starting at just $19/month. Explore Mewayz at app.mewayz.com and see how 138,000+ users run the secure, efficient operations built for today.
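The indicators above, and the EDR monitoring recommended in mitigation step 4, can be turned into a concrete hunt. The following is an added example, not code from the article or from Mewayz: it runs three checks over a handful of constructed Sysmon-style events (process creation, network connection, registry value set; the field names are a simplified assumption, not a real log schema), flagging any child process of notepad.exe, any network connection made by notepad.exe, and any Run-key write or scheduled-task creation that lands within a short window after Notepad opened a file.

```python
"""Hunt for Notepad-related indicators of compromise in process telemetry.

Added example: the events below are constructed for illustration and the
field layout is a simplified Sysmon-like assumption, not a real export.
EventID 1 = process create, 3 = network connect, 13 = registry value set.
"""
from datetime import datetime, timedelta

EVENTS = [  # constructed sample telemetry, not real data
    {"time": "2024-05-01T09:00:00", "id": 1, "image": r"C:\Windows\System32\notepad.exe",
     "parent": r"C:\Windows\explorer.exe",
     "cmdline": r'notepad.exe "C:\Users\alice\Downloads\invoice.txt"'},
    {"time": "2024-05-01T09:00:04", "id": 1, "image": r"C:\Windows\System32\cmd.exe",
     "parent": r"C:\Windows\System32\notepad.exe", "cmdline": "cmd.exe /c whoami"},
    {"time": "2024-05-01T09:00:06", "id": 3, "image": r"C:\Windows\System32\notepad.exe",
     "dest": "203.0.113.10:443"},
    {"time": "2024-05-01T09:01:30", "id": 13, "image": r"C:\Windows\System32\cmd.exe",
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r"C:\Users\alice\AppData\Roaming\u.exe"},
    {"time": "2024-05-01T09:02:00", "id": 1, "image": r"C:\Windows\System32\schtasks.exe",
     "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'schtasks.exe /create /tn Updater /tr "C:\Users\alice\AppData\Roaming\u.exe"'},
    {"time": "2024-05-01T11:30:00", "id": 1, "image": r"C:\Windows\System32\notepad.exe",
     "parent": r"C:\Windows\explorer.exe", "cmdline": r'notepad.exe "C:\Users\alice\notes.txt"'},
    # Benign: a vendor installer writing a Run key hours after any Notepad activity.
    {"time": "2024-05-01T14:00:00", "id": 13, "image": r"C:\Windows\System32\msiexec.exe",
     "target": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorAgent",
     "details": r"C:\Program Files\Vendor\agent.exe"},
]

RUN_KEY_MARKER = r"\currentversion\run"


def _is_image(path, name):
    """Case-insensitive match on the executable's file name."""
    return path.lower().endswith("\\" + name)


def _ts(event):
    return datetime.fromisoformat(event["time"])


def notepad_child_processes(events):
    """Notepad has no legitimate reason to spawn children; flag every one."""
    return [e for e in events if e["id"] == 1 and _is_image(e["parent"], "notepad.exe")]


def notepad_network_connections(events):
    """Outbound connections made by the notepad.exe process itself."""
    return [e for e in events if e["id"] == 3 and _is_image(e["image"], "notepad.exe")]


def _is_persistence(event):
    """Run-key writes and schtasks /create both count as persistence attempts."""
    if event["id"] == 13:
        return RUN_KEY_MARKER in event["target"].lower()
    if event["id"] == 1:
        return _is_image(event["image"], "schtasks.exe") and "/create" in event["cmdline"].lower()
    return False


def persistence_after_notepad_open(events, window_seconds=300):
    """Persistence artifacts created within window_seconds after a Notepad launch."""
    window = timedelta(seconds=window_seconds)
    opens = [_ts(e) for e in events if e["id"] == 1 and _is_image(e["image"], "notepad.exe")]
    hits = []
    for e in events:
        if not _is_persistence(e):
            continue
        t = _ts(e)
        if any(o <= t <= o + window for o in opens):
            hits.append(e)
    return hits


def triage(events):
    """Run all three checks and return the findings grouped by indicator type."""
    return {
        "child_processes": notepad_child_processes(events),
        "network": notepad_network_connections(events),
        "persistence": persistence_after_notepad_open(events),
    }


if __name__ == "__main__":
    for kind, hits in triage(EVENTS).items():
        print(f"{kind}: {len(hits)} finding(s)")
        for h in hits:
            print("   ", h["time"], h.get("cmdline") or h.get("dest") or h.get("target"))
```

On the constructed sample this reports one child process (cmd.exe), one network connection, and two persistence artifacts; the vendor installer's Run key at 14:00 is not flagged because it falls outside the five-minute window after any Notepad launch. The same three predicates map directly onto EDR or SIEM rules: parent image, initiating image, and time correlation against process start.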
