
Notepad++ Fixes Updater Vulnerability After Reports of Malicious Traffic Hijacking


Notepad++, the widely used free source code editor, has released a critical update to address a security flaw in its software updater that could allow attackers to redirect update traffic and install malicious files.

The issue was initially reported in early December by cybersecurity researcher Kevin Beaumont, who noted that several organizations using Notepad++ had experienced security incidents linked to the editor’s update mechanism. According to Beaumont, the attacks appeared to target telecom and financial firms in East Asia, with potential involvement from threat actors operating in China.

Notepad++ developers had already acknowledged the risk in mid-November, highlighting in the release notes for version 8.8.8 a security enhancement designed to prevent hijacking of the updater. The subsequent release, version 8.8.9, includes additional protections that verify the integrity and authenticity of downloaded updates.

The vulnerability affected WinGUp, the component responsible for delivering updates. In some cases, traffic from the updater was redirected to malicious servers, leading to compromised executable files being installed on affected systems. Investigators determined that the flaw allowed attackers to exploit weaknesses in how the updater validated update files.

A Notepad++ spokesperson explained, “If an attacker can intercept network traffic between the updater and our servers, they could potentially prompt the updater to download and execute an unauthorized binary instead of the legitimate update.”

The latest update now ensures that both Notepad++ and WinGUp verify digital signatures of update files. Any update failing the verification process will not be installed, significantly reducing the risk of malicious installation. However, the exact method used by attackers to hijack traffic in the wild has not yet been confirmed.

Beaumont described the incident as a potential supply chain attack, suggesting that hijacking could occur at the ISP level. He noted that such attacks require substantial resources, implying that large-scale exploitation may be limited.

Users are strongly advised to update to Notepad++ version 8.8.9 or later to keep their systems secure, and to avoid downloading updates from unverified sources.
