Start your free trial today.
Protect your organization with cutting-edge cybersecurity solutions designed for resilience and efficiency. Secure your digital assets with confidence.
Your Shield Against Threats
Unleash the Power of Cybersecurity
Boost Your Security, Enhance Your Business
We solve Your Cyber Challenges
Quick Links
Resources
Deepaegis Portals
2025 Deepaegis. All Rights Reserved.
In Notepad++ version 8.8.1 and earlier, a privilege escalation vulnerability exists in the installer due to uncontrolled search path execution. Attackers may trick users via social engineering or clickjacking to place both the official installer and a malicious .exe in a vulnerable directory (e.g., Downloads). When the installer is executed, the malicious executable runs with SYSTEM-level privileges.
Attackers can gain SYSTEM-level privileges Compromise of system integrity and confidentiality Could lead to full system control if exploited Exploitable by any user with access to the system
Notepad++ v8.8.1 and earlier
Affected Version: 8.1
Issue fixed in Notepad++ v8.8.2
Do not run installers from common directories (Downloads) Remove untrusted files before executing installers
Upgrade to v8.8.2 or later Use least privilege principles for installer execution Apply endpoint protection with behavioral detection
Monitor installation directories for untrusted files Log and alert on executions of installers from insecure paths
Not specified
Not specified
No references provided
No affected organizations specified
This document contains sensitive information. Unauthorized distribution is prohibited.