
Notepad++ 7.3.3 update fixes CIA vulnerability

The developers of the popular third-party text editor Notepad++ have released version 7.3.3, which fixes a vulnerability found in the leaked Vault 7 files.

WikiLeaks started to release the so-called Vault 7 files the other day, a cache of confidential documents on the U.S. Central Intelligence Agency.

Among the information was a list of popular software programs that the CIA used to target computer systems.

The Fine Dining documents (Fine Dining is the codename for the operation) list 24 popular applications that the CIA used to attack computer systems.

The list reads like the who's who of the free software world, as it includes Google Chrome, VLC Media Player, Firefox, Opera, Kaspersky TDSS Killer, Thunderbird, LibreOffice, Skype, and Notepad++, to name just a few.

Notepad++ 7.3.3 update


The Notepad++ vulnerability is listed on this WikiLeaks page. It is said to work with portable and non-portable (read: installed) versions of the text editor.

Notepad++ loads Scintilla, a "code editing component" (and separate project), from a DLL adjacent to its EXE called "SciLexer.dll". This DLL exports only one function named "Scintilla_DirectFunction" at ordinal #1.

The DLL does a lot of "set up" in ProcessAttach, so it is important to load the true DLL as soon as the hijack is loaded.

The Notepad++ team released version 7.3.3 of the text editor to patch the DLL hijack security issue in the application.

The team notes that all future versions of Notepad++ will check the certificate of the scilexer.dll file before loading it to remedy the situation. If the certificate is invalid, or entirely missing, Notepad++ won't load the DLL file and will fail to launch as a consequence.

The team notes that this won't do you any good if the entire PC is compromised as attackers may do anything they like in this case (e.g. replace the notepad executable file with a modified copy).
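A defender-side audit in the spirit of the check described above, as an added example that is not Notepad++'s own code: it uses PowerShell's Get-AuthenticodeSignature to confirm that the SciLexer.dll next to notepad++.exe has a valid signature from the same signer as the executable. The default install path and the function name Test-AdjacentDllSignature are assumptions made for this example.

```powershell
# Added example (not Notepad++ code): audit the SciLexer.dll beside notepad++.exe.
# Assumption: default install directory. Pass -InstallDir for a portable copy
# or for a 32-bit install under "Program Files (x86)".
param([string]$InstallDir = (Join-Path $env:ProgramFiles 'Notepad++'))

function Test-AdjacentDllSignature {
    param(
        [Parameter(Mandatory)][string]$ExePath,
        [Parameter(Mandatory)][string]$DllPath
    )
    $result = [ordered]@{
        Dll             = $DllPath
        DllStatus       = 'Missing'
        DllSigner       = $null
        SameSignerAsExe = $false
        Verdict         = 'FAIL'
    }
    if (-not (Test-Path -LiteralPath $DllPath -PathType Leaf)) {
        return [pscustomobject]$result
    }
    # Status is Valid, NotSigned, HashMismatch, NotTrusted, ...
    $dllSig = Get-AuthenticodeSignature -LiteralPath $DllPath
    $result.DllStatus = [string]$dllSig.Status
    if ($dllSig.SignerCertificate) {
        $result.DllSigner = $dllSig.SignerCertificate.Subject
    }
    # A DLL signed by some other trusted publisher is still not the DLL that
    # shipped with the editor, so compare its signer with the executable's.
    if (Test-Path -LiteralPath $ExePath -PathType Leaf) {
        $exeSig = Get-AuthenticodeSignature -LiteralPath $ExePath
        if ($exeSig.Status -eq 'Valid' -and $dllSig.SignerCertificate) {
            $exeSubject = $exeSig.SignerCertificate.Subject
            $result.SameSignerAsExe = ($exeSubject -eq $result.DllSigner)
        }
    }
    if ($dllSig.Status -eq 'Valid' -and $result.SameSignerAsExe) {
        $result.Verdict = 'OK'
    }
    [pscustomobject]$result
}

$exe = Join-Path $InstallDir 'notepad++.exe'
$dll = Join-Path $InstallDir 'SciLexer.dll'
$report = Test-AdjacentDllSignature -ExePath $exe -DllPath $dll
$report | Format-List
if ($report.Verdict -ne 'OK') { exit 1 }
```

A FAIL verdict covers a missing, unsigned or tampered DLL as well as one whose signer differs from the executable's, and the same caveat applies: the result means little on a machine that is already fully compromised.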

Users of the program are encouraged to update immediately to protect the software from potential attacks. Downloads are provided on the official Notepad++ website, or via the program's automatic update functionality if enabled. Auto-update may not be triggered right away though, so it may be better if you download the new release manually from the website instead.

The new version of Notepad++ features a couple of other changes. Those are mostly bug fixes and a handful of smaller enhancements to the program though.

Expect to see other companies release updates for their products affected by the leak in the near future.

Now You: are you concerned about the leak?

 

This article was first seen on ComTek's "TekBits" Technology News
