Justin Pot Editorial Author
Experience
Justin Pot is a freelance journalist who helps people get more out of technology.
If you've ever searched online for a specific tech problem you've read Justin's work, because he's been doing it for a long time. Since 2009, he has written tutorials and essays about technology for outlets including WIRED, The Atlantic, PCMag, Popular Science, How-to Geek, and The Wall Street Journal. For Lifehacker, he mostly writes about software, with a particular focus on open source programs and indie apps.
Justin has a bachelor's degree in Communications and International Relations. He once worked in marketing for a software company and hated it, but it did teach him a lot about why software tends to get worse over time in large companies. He lives in Oregon with his cat (and his wife). He enjoys brewing beer, exploring nature, and spending time with friends. You can follow Justin on Mastodon and Bluesky, or sign up for his newsletter, Connectivity.
February 17, 2026
Add as a preferred source on Google
Credit: aileenchik/Shutterstock
Key Takeaways
- Microsoft patched a security flaw with Notepad that left users vulnerable to exploits.
- Users could click a malicious link inside a Markdown file in Notepad that would allow attackers to run arbitrary code.
- Microsoft's push to add AI features to its OS may be contributing to the rise in bugs and security flaws.
- Users can protect themselves by installing Microsoft's latest security update, which includes the patch for this Notepad glitch.
Table of Contents
AI-related changes to Notepad—yes, that Notepad—allowed attackers to execute arbitrary code on your computer. The vulnerability was related to Markdown support, which was added last year. Markdown is a simple way to add formatting, including links, to plaintext documents—and links were the source of the vulnerability.
"An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files," according to the security response notice.
Markdown has long been popular in certain parts of the internet—anyone who occasionally comments on Reddit or chats using Discord is likely at least a little familiar with it. But the markup language has become even more important in the age of AI—most documents are converted to plain text Markdown files to train models.
Microsoft is patching more bugs than ever in Windows 11
Markdown support was added around the same time Copilot was integrated into Notepad, as part of a broader push to add AI to every corner of the operating system. And there's an argument to be made that all these AI additions are adding up to new vulnerabilities. Microsoft patched 1,129 bugs in 2025 according to Krebs on Security, a prominent cybersecurity blog. That's an 11.9% increase over the previous year, which was already unusually high. Microsoft itself admits that AI agents will open up new vulnerabilities, even as the company adds them to Windows.
What do you think so far?
This is all to say that installing security updates is likely more important now than ever. Sure, you could disable all AI features in Windows, but that's unlikely to protect you from all the new vulnerabilities—installing Linux might, though.
How to patch this Notepad vulnerability
Credit: Justin Pot
Luckily for Windows users, this vulnerability was fixed in Microsoft's February 2026 security update. To find out if you've installed it, open the Settings app, head to "Windows Update," then check if an update labeled "2026-02 Security Update" is waiting to be installed. If so, click the "Restart Now" button to install the update.
The Download Newsletter Never miss a tech story
Jake Peterson
Get the latest tech news, reviews, and advice from Jake and the team.
The Download NewsletterNever miss a tech story. Get the latest tech news, reviews, and advice from Jake and the team.
English (US) · 
