As Microsoft continues to force AI features onto users of its Windows operating system and other crucial software, glaring issues keep cropping up. Executives have promised to turn the platform into an “agentic OS” to the dismay of many users, with CEO Satya Nadella boasting that much of the company’s code is now being written by AI — while condemning those who use the newly-minted pejorative “Microslop.”
While new bugs in an operating system software update are certainly commonplace, some have noticed that the problem is getting worse than usual these days. Just last month, some Windows 11 enterprise users were aggravated after finding that their systems were stuck in an endless shutdown loop, a security risk if left unattended.
Even the company’s Notepad app, which once allowed users to jot down notes in plain text, has turned into a bloated, AI-enhanced security liability. As malware researchers from the collective vx-underground found, the app has a “remote code execution zero-day” — meaning a vulnerability in software unknown even to its creators.
According to Microsoft documentation of the bug, “improper neutralization of special elements used in a command (‘command injection’) in Windows Notepad App allows an unauthorized attacker to execute code over a network.”
“An attacker could trick a user into clicking a malicious link inside a Markdown file opened in Notepad, causing the application to launch unverified protocols that load and execute remote files,” the documentation reads. (Markdown is a language for formatting text.)
While the bug was patched in Microsoft’s monthly security updates, it’s yet another instance of a tech company pushing AI features on its customers against their will — with potentially disastrous results. Case in point, Microsoft’s AI “Recall” feature, which was designed to quietly take screenshots of users’ screens every few seconds, turned out to be an enormous security nightmare in late 2024, forcing the Windows team to go back to the drawing board. While it was pushed to users in mid-2025, experts continue to warn that it’s a privacy nightmare and far too risky to be used.
The latest Notepad bug is symptomatic of a much larger struggle for the tech giant. Last week, the Wall Street Journal published an investigation, quoting current and former employees, who found that Microsoft’s confusing branding and grating lack of cohesion between its AI products had frustrated and turned off users. Worse yet, the adoption rate of its Copilot AI chatbot, which was baked into Windows 11, is extremely slim, suggesting a significant lack of public enthusiasm for the flagship feature.
To vx-underground, the latest Notepad vulnerability is a gross example of mission creep for an app that once served a far simpler function.
“Hot take: text editors don’t need network functionality,” the collective argued in a tweet.
Others tended to agree with that assessment.
“Notepad [remote code execution] in 2026?” the account for digital security firm Secure.com replied. “We really out here weaponizing the .txt file because we just HAD to have AI in our basic editor.”
“If ur text editor has enough network functionality to trigger a remote shell, ur basically building a playground for attackers,” the account added.
Some lamented the end of a far simpler, basic text-editing tool.
“Microsoft is turning Notepad into a slow, feature-heavy mess we don’t need,” Polytechnic University of Catalonia computer engineer Manel Rodero tweeted, appending a screenshot of the documented vulnerability. “We just want something to open text files, not an AI-powered editor with security holes like this.”
“Who the hell is in charge of this development?” he added.
“Obviously, an issue like this puts polarizing features under a microscope, and I totally get the innovation pursuit, but this feels like a prime example of a solution in search of a problem,” IT systems engineer Nathan Kasco responded.
Rodero argued that Windows had plenty of areas that “need real improvement, but “instead, we keep getting visual tweaks and AI gimmicks that most users will never touch.”
Microsoft has struggled to convince many of its customers of the benefits of AI in its latest operating system, with hundreds of millions of users refusing to upgrade from Windows 10, as of late last year.
Many of the AI features that have been introduced leave plenty to be desired. Last month, programmer Ryan Fleury demonstrated that Windows 11’s AI-powered search bar struggled with the very basics, leading to plenty of other netizens calling the company “Microslop.”
Meanwhile, system administrators are forced to clean up after the company, making a mess of its core product.
“All this does is make system admins spend countless hours stripping out nonsense just to deploy a clean, well‑configured machine,” Rodero lamented.
More on Windows and AI: As Microsoft Stuffs Windows With AI, New Update Prevents Users From Turning Off Their PCs
The post Microsoft Added AI to Notepad and It Created a Security Failure Because the AI Was Stupidly Easy for Hackers to Trick appeared first on Futurism.
