In recent months, Microsoft Windows 11 has faced a number of weird and unusual security issues, bugs and glitches that have broken basic functionality for countless users who rely on the operating system to run their business, without robust IT support teams to help.
In January 2026, Microsoft issued two updates outside of its typical schedule in order to fix boot errors and problems relating to the stability of Windows integration of its two cloud services: OneDrive and Dropbox.
This issue and the significant criticism that Microsoft has faced have led to a change in its approach to updates, with Windows Central claiming it is rethinking and scaling back its integration of AI and instead focusing on the pain points users have with it.
However, one ramification of this previous approach is that even the most basic and foundational system software has become an avenue for additional features and, just as readily, additional vulnerabilities.
Even Windows Notepad has fundamentally changed, expanded in features and become an incredibly unusual vector for potential data breaches, which highlights the novel ways in which security and the role of IT have changed in recent years.
What Is Notepad And Why Does It Matter?
Everyone who uses a Windows computer will have access to Notepad, but far fewer will have used it deliberately. However, for technical support teams, programmers and software engineers, Notepad has been a lifeline.
At its core, Notepad is a very basic text editor. It historically had no support for formatting, tables or any layout more complicated than text alignment. Instead, these features were typically found in WordPad and Word.
The big advantage for Notepad is that because it is so basic, it can open practically any file format ever created, which means that it was often used to read log files, change system settings files (typically in formats such as INI files) and do basic programming and coding.
Its basic feature set and reliability meant that it was often used in troubleshooting to fix a computer that was not working properly. It could also be used to create basic multi-step processes, such as batch files, which allow for basic automation of simple tasks.
This means that, besides being useful in its own right for jotting down shopping lists and small but important pieces of information you need as part of your job but that do not need to be secure, it is used by tech support teams for small but vital jobs.
So where did it all go wrong?
How Did Notepad Lead to IT Vulnerabilities?
Notepad predates Microsoft Windows by two years, and as essentially a piece of system software, it has built a reputation as a basic, reliable piece of software. It is to tech support what a Phillips-head screwdriver is to a technician; it is a basic tool that has been iterated on and updated over the years, but it is also trustworthy and reliable.
Whilst adding features to Notepad is not entirely without precedent, the final integration of Notepad into the Windows Store in 2022 led to several substantial features being added that fundamentally changed it.
Feature-richness is a double-edged sword, particularly if it includes the integration of formatting tools such as Markdown, tabs, dark mode, Microsoft Store integration, and integration with AI chatbot Copilot.
Adding features adds the risk of vulnerabilities, and this came to pass with an exploit discovered within the features recently added to Notepad.
The Notepad Exploit
The exploit works as follows: a user receives a Markdown file containing a link that looks innocuous. The link uses the network access Notepad has to affect the computer itself, with whatever access the user has, in order to scrape data, delete files or remotely install software that can compromise the computer.
The exploit is complex and relies on a degree of social engineering, which means that basic security principles still apply, including being cautious of anything on a computer you neither recognise nor trust entirely. It is the type of exploit an IT system is likely to spot.
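As an added example (not from the original article or from Microsoft), this small Python check lists the links in a Markdown file and flags those whose real destination deserves a second look before anyone follows them. The http/https allowlist, the label-versus-target host comparison and the sample text are assumptions for illustration; the article does not give the exploit's technical details.

```python
import re
from urllib.parse import urlsplit

# Policy assumption: shared notes should only contain ordinary web links.
ALLOWED_SCHEMES = {"http", "https"}

# Inline links: [label](target "optional title")
INLINE = re.compile(r'\[([^\]]*)\]\(\s*<?([^\s)>]+)>?(?:\s+"[^"]*")?\s*\)')
# Autolinks: <scheme:...>
AUTOLINK = re.compile(r'<([A-Za-z][A-Za-z0-9+.-]*:[^\s>]+)>')
# Reference definitions: [id]: target
REFDEF = re.compile(r'^[ ]{0,3}\[([^\]]+)\]:[ \t]*<?(\S+?)>?[ \t]*$', re.M)

def host(url):
    return (urlsplit(url).hostname or "").lower()

def audit_markdown(text):
    """Return (label, target, reasons) for every link that needs review."""
    links = [(m.group(1), m.group(2)) for m in INLINE.finditer(text)]
    links += [(m.group(1), m.group(1)) for m in AUTOLINK.finditer(text)]
    links += [(m.group(1), m.group(2)) for m in REFDEF.finditer(text)]
    findings = []
    for label, target in links:
        reasons = []
        scheme = urlsplit(target).scheme.lower()
        if scheme and scheme not in ALLOWED_SCHEMES:
            reasons.append(f"scheme '{scheme}' not in allowlist")
        # A label that is itself a URL should point at the host it displays.
        shown = label.strip()
        if re.match(r'https?://', shown, re.I) and host(shown) != host(target):
            reasons.append("label shows a different host than the target")
        if reasons:
            findings.append((label, target, reasons))
    return findings

# Constructed sample input, not taken from any real file.
SAMPLE = """\
# Meeting notes (constructed sample)
See the [agenda](https://docs.example.com/agenda) first.
Reset here: [https://intranet.example.com/help](https://login.example.org/reset)
Open the [shared viewer](someapp://open?doc=1)
Background in [the wiki][w].

[w]: https://wiki.example.com/notes
"""

if __name__ == "__main__":
    for label, target, reasons in audit_markdown(SAMPLE):
        print(f"REVIEW {label!r} -> {target}: {'; '.join(reasons)}")
```

Run it over Markdown attachments at the mail gateway or file share and route anything it reports to manual review rather than opening the file directly.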
Why Does The Notepad Exploit Matter?
It ultimately matters because it highlights a significant oversight found with Microsoft’s feature-focused updates.
Instead of ensuring that the core system is a functional, reliable and safe platform for IT engineers to install the right tools onto later, there is an insistence on loading additional unnecessary features by default that users neither asked for nor necessarily wanted.
Nobody was asking for Notepad to have AI integration, tables or formatting. The people who did want this used WordPad, a now-defunct application which served as a lightweight word processor.
If basic tools are being compromised in the name of feature creep, the job of IT staff may become more difficult in the future.