Headline is a little misleading imo -- the vulnerability isn't in Notepad++ itself as much as its installer. Current users, I imagine, don't have anything to worry about.
From a small bit of skimming, sounds like it's a user escalation vector, where a low privileged user can run the installer in a contrived manner to achieve privilege escalation.
I wanted to say the installer has no business running things as SYSTEM but I suppose there is no way around that for registering COM DLLs. I would think Attackers would need to chain this with a Uac bypass (or be fortunate enough to find Uac disabled). If Uac is setup right, administrative operations like regsvr32 should require going through consent.exe's prompt. Uac bypasses are plenty but systems can be configured to mitigate them (at least the ones I know of). Social engineering is also another good way to bypass Uac.
7 comments
[ 0.19 ms ] story [ 24.3 ms ] threadFrom a small bit of skimming, sounds like it's a user escalation vector, where a low privileged user can run the installer in a contrived manner to achieve privilege escalation.
https://github.com/notepad-plus-plus/notepad-plus-plus/secur...
So for my personal install, nothing to worry about here...