Notepad++ Flaw Allows Attackers to Hijack Update Traffic and Deploy Malware

[harlan4096]

The development team behind the popular text editor Notepad++ has released version 8.8.9 to address a critical security flaw that could allow traffic hijacking.

This vulnerability affects the software’s update mechanism, potentially allowing attackers to intercept network traffic and install malicious software on users’ systems.

Notepad++ Flaw

Security experts recently reported incidents in which the Notepad++ updater, known as WinGUp, was compromised to redirect traffic to malicious servers.

Investigations revealed a weakness in how the updater validated the authenticity of downloaded files.

In a standard attack scenario, threat actors could intercept the network traffic between the updater client and the Notepad++ infrastructure.

By leveraging this validation weakness, attackers could force the updater to download and execute a compromised binary instead of the legitimate update file.

This “Man-in-the-Middle” (MitM) style attack effectively bypasses the user’s trust in the software’s automated update process.

To combat this threat, the Notepad++ team has introduced significant security enhancements in version 8.8.9.

The updater has been hardened to strictly verify both the digital signature and the certificate of any installer before execution.

If this verification step fails, the update process is immediately aborted to protect the user.

Additionally, the developers noted that, starting with version 8.8.7, all Notepad++ binaries are digitally signed with a legitimate GlobalSign certificate.

Continue Reading...