New Notepad update fixes Vault 7 privacy vulnerabilities

jayar.decenella@gmail.com' By: Jay Decenella
2 minute read

Notepad++ is one of the most popular free source text editors for its ease of use. Supporting several languages, it runs in the MS Windows ecosystem under the GPL License and uses the Win32 API and STL. That means Notepad++ has a higher execution speed and smaller file size. Security-wise, the application was among the vulnerable software programs allegedly targeted by the CIA as part of its massive surveillance program.

Developers of Notepad++ have consequently rolled out version 7.3.3 of the program to fix the vulnerability found in the Vault 7 files leaked by Wikileaks. The files contained classified documents belonging to the CIA. More specifically, Vault 7 comprised a list of popular software programs being targeted by the intelligence agency.

In addition to Notepad++, targeted programs include Google Chrome, VLC Media Player, Firefox, Opera, Kaspersky TDSS Killer, Thunderbird, LibreOffice, and Skype. While it remains unclear when the other programs would get their respective patches, the Notepad++ 7.3.3 patch is now available.

Notepad++ Patch notes

The release notes:

  • Fix CIA Hacking Notepad++ issue (https://wikileaks.org/ciav7p1/cms/page_26968090.html).
  • Patch mouse wheel to task list scroll crash bug.
  • Fix flickering issue while switching back after modifying or deleting a document from outside.
  • Support Motorola S-Record, Intel and Tektronix extended hex file formats.
  • Improve multi-line tab: maintaining the selected tab position.
  • Fix add char into word char list bug.
  • Add Shift+Enter in Find dialog for searching in the opposite direction.
  • Fix a regression that delimiter settings is not retained correctly.
  • Add clear command button in shortcut mapper.
  • Enhancement: file extension supported in Load/Save Session dialog if a session file extension is set.

The hijacked DLL refers to scilexer.dll on an infected computer. The CIA allegedly built a modified scilexer.dll to replace the genuine DLL file once Notepad++ is launched. It prevents the user from detecting the data collection process while it runs in the background.

The new update works to check the certificate validation in scilexer.dll before loading it. Otherwise, Notepad++ will fail to launch. You can download the latest patch from the Notepad++ website.

RELATED STORIES YOU NEED TO CHECK OUT:

For various PC problems, we recommend this tool.

This software will repair common computer errors, protect you from file loss, malware, hardware failure and optimize your PC for maximum performance. Fix PC issues now in 3 easy steps:

  1. Download this PC Repair Tool rated "Excellent" on TrustPilot.com.
  2. Click “Start Scan” to find Windows issues that could be causing PC problems.
  3. Click “Repair All” to fix all issues with Patended Technologies (requires upgrade).

Discussions

Next up

Best Windows 10 antivirus software to use in 2018

By: Radu Tyrsina
7 minute read

Update – 2018 will soon come to an end and we already have a guide on what is the best antivirus you should get in […]

Continue Reading

These features are out for good with Windows 10 version 1809

iamsovy@gmail.com' By: Sovan Mandal
2 minute read

Microsoft is all set to launch its next big update, Windows 10 version 1809 in October. While that should be a nice piece of news […]

Continue Reading

Windows 10 18H2 builds no longer receive new features

By: Matthew Adams
3 minute read

The Windows 10 October 2018 Update (otherwise 18H2) rollout might now be two to three weeks away. For the last few months, new build previews […]

Continue Reading