The integration of AI features in Windows 11 has unexpectedly resulted in a security issue: a serious vulnerability has been discovered in the default Notepad application. The flaw allows an attacker to execute arbitrary code on a victim's device and gain the same access rights as the current user.

The vulnerability stems from support for Markdown, a new markup format that makes links in text active and clickable. Opening a specially crafted file in Notepad can launch malicious code remotely. Previously, such a scenario was impossible because the application did not process such elements.

The feature's introduction is linked to the introduction of Copilot-based tools into Microsoft products. The company has acknowledged the vulnerability and announced that it is already distributing a fix in the latest security update.