{"id":216757,"date":"2026-02-18T07:41:00","date_gmt":"2026-02-18T12:41:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/18\/notepad-declares-new-update-process-unexploitable-the-register\/"},"modified":"2026-02-23T23:30:11","modified_gmt":"2026-02-24T04:30:11","slug":"notepad-declares-new-update-process-unexploitable-the-register","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/18\/notepad-declares-new-update-process-unexploitable-the-register\/","title":{"rendered":"Notepad++ declares new update process &#8216;unexploitable&#8217; \u2022 The Register"},"content":{"rendered":"<p><a href=\"https:\/\/www.theregister.com\/2026\/02\/18\/notepadplusplus_security_update\/\">Notepad++ declares new update process &#8216;unexploitable&#8217; \u2022 The Register<\/a><\/p>\n<p><a href=\"https:\/\/www.theregister.com\/2026\/02\/18\/notepadplusplus_security_update\/\">https:\/\/www.theregister.com\/2026\/02\/18\/notepadplusplus_security_update\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-18 07:41:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.theregister.com\">www.theregister.com<\/a><\/p>\n<p>Notepad++ has continued beefing up security with a release the project&#8217;s author claims makes the &#8220;update process robust and effectively unexploitable.&#8221;<\/p>\n<p>Version 8.9.2 adds verification of the signed XML returned by notepad-plus-plus.org. Combined with verification of the signed installer, introduced in version 8.8.9, the update process now validates both the instructions and the payload &#8211; the basis for the &#8220;unexploitable&#8221; claim.<\/p>\n<p>According to the project&#8217;s author, a state-sponsored cybercriminal compromised the editor&#8217;s update service. Security researchers attributed the attack to a Chinese government-linked espionage crew called Lotus Blossom. The hack selectively redirected some update traffic to an attacker-controlled site serving malware disguised as a legitimate update to victims.<\/p>\n<p>A &#8220;hardened&#8221; version of the editor was released on December 9, 2025, followed by a release that dropped the use of a self-signed certificate on December 27. With laudable transparency, the project&#8217;s author followed up the releases with a post explaining what had happened, stating that the upcoming version 8.9.2 would enforce certificate and signature verification. Less than a month later, here we are.<\/p>\n<p>The author also noted additional hardening for the auto-updater, WinGUp. The libcurl.dll dependency was removed &#8220;to eliminate DLL side-loading risk,&#8221; plugin management execution has been restricted to the program signed with the same certificate as WinGUp, and two unsecured cURL SSL options, CURLSSLOPT_ALLOW_BEAST and CURLSSLOPT_NO_REVOKE, have been removed.<\/p>\n<p>The author added: &#8220;Of course, it&#8217;s always possible to exclude the auto-updater during the UI installation, or to deploy the MSI package using the following command: msiexec \/i npp.8.9.2.Installer.x64.msi NOUPDATER=1.&#8221;<\/p>\n<p>Updating to the latest version would therefore seem prudent.<\/p>\n<p>The &#8220;Double-Lock&#8221; design is intended to make the Notepad++ update process more robust, although the&#8230;<\/p>\n<p><a href=\"https:\/\/www.theregister.com\/2026\/02\/18\/notepadplusplus_security_update\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Notepad++ declares new update process &#8216;unexploitable&#8217; \u2022 The Register https:\/\/www.theregister.com\/2026\/02\/18\/notepadplusplus_security_update\/ Publish Date: 2026-02-18 07:41:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":216758,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/regmedia.co.uk\/2017\/08\/11\/lock_shutterstock.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[32],"class_list":["post-216757","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-malware"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/216757"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=216757"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/216757\/revisions"}],"predecessor-version":[{"id":216759,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/216757\/revisions\/216759"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/216758"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=216757"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=216757"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=216757"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}