Were the binaries released on GitHub affected in the Notepad++ state-sponsored hacking incident?
-
Were the binaries released on GitHub affected in the Notepad++ state-sponsored hacking incident?
Kindly provide confirmation.
-
@Naveen-Rathnam said in Were the binaries released on GitHub affected in the Notepad++ state-sponsored hacking incident?:
Were the binaries released on GitHub affected in the Notepad++ state-sponsored hacking incident?
Those that are worried “am I vulnerable” should really read the official announcement and this existing post rather than ask a new question.
No official binaries were affected by this issue. It was a website issue – the hack allowed them to send false responses when the Notepad++ updater (called “wingup” or “gup.exe”) asked the website where the download file was – it is the response from the website to this query from wingup that was affected (*), not the links on the HTML pages of the website, and not the files on the GitHub servers.
But the files on GitHub are all 100% what was intended to be posted and published, and if you downloaded from there, there is no difficulty.
Kindly provide confirmation.
Considering that the official announcement said, and I quote, “the compromise occurred at the hosting provider level rather than through vulnerabilities in Notepad++ code itself”, that information was already provided. But I’ve said it in a different way here, in hopes that you will be able to understand what has already been said.
–
*: update: and that was only for a limited number of users – it was a targeted attack; the vast majority of update requests, even using the wingup updater, were not affected.