v7.3.3 - Fix CIA Hacking Notepad++ issue
-
“Vault 7: CIA Hacking Tools Revealed” has been published by Wikileaks recentely, and Notepad++ is on the list.
The issue of a hijacked DLL concerns scilexer.dll (needed by Notepad++) on a compromised PC, which is replaced by a modified scilexer.dll built by the CIA. When Notepad++ is launched, the modified scilexer.dll is loaded instead of the original one.
It doesn’t mean that CIA is interested in your coding skill or in your sex message content, but rather it prevents raising any red flags while the DLL does data collection in the background.It’s not a vulnerability/security issue in Notepad++, but for remedying this issue, from this release (v7.3.3) forward, notepad++.exe checks the certificate validation in scilexer.dll before loading it. If the certificate is missing or invalid, then it just won’t be loaded, and Notepad++ will fail to launch.
Checking the certificate of DLL makes it harder to hack. Note that once users’ PCs are compromised, the hackers can do anything on the PCs. This solution only prevents from Notepad++ loading a CIA homemade DLL. It doesn’t prevent your original notepad++.exe from being replaced by modified notepad++.exe while the CIA is controlling your PC.
Just like knowing the lock is useless for people who are willing to go into my house, I still shut the door and lock it every morning when I leave home.
We are in a f**king corrupted world, unfortunately.https://notepad-plus-plus.org/news/notepad-7.3.3-fix-cia-hacking-issue.html
-
As you note, if the hackers have the ability to drop a DLL into the Notepad++ application directory, they can probably do just about anything they want. They’re already on the other side of the airtight hatchway, as Raymond Chen would put it.
-
Don,
Thank you for adding the “Improve multi-line tab: maintaining the selected tab position.” feature. That will make life easier for me. Sadly, that feature seems to have disabled the tab drag-and-drop ability when in mulit-line mode. Maintaining the rows of tabs is more important to me, but if both functions could work together, that would be great.Thanks also for doing the scilexer.dll fix. Regardless of how compromised the system is, I’m glad you have the pride to do everything you can to make sure it doesn’t happen in your house.
Respect
-
Wear a safety reflector and use anti-virus is all that most people need to know. Patching just 1 car has little effect on overall security.
-
Hi and thanks for all. Maybe, my problem but I see the error of SciLexer.dll starting Notepad++ 32-bit on Win 10 Pro 64-bit Anniversary Edition. Has anyone noticed the same?
-
What exactly is the error message?
and do you have a SciLexer.dll in the directory where notepad++.exe has been installed?Cheers
Claudia -
C:\Program Files (x86)\Notepad++\SciLexer.dll
CRC32: 7ffc0f72Certificate checking
Check certificate of C:\Program Files (x86)\Notepad++\SciLexer.dll : Impossible to find the specified object
OKException on WM_CREATE
ScintillaEditView::init : SCINTILLA ERROR - can not load the dynamic library
OK -
-
https://notepad-plus-plus.org/repository/7.x/7.3.3/npp.7.3.3.Installer.exe
CRC32: 8e15096a
I also tried to disable AV and to install as adminSorry but I’m a new user, I haven’t earned 2 reputation and I can only post once every 1200 seconds…
-
OK, I installed VirtualBox and loaded my aged Winodws 10 64bit VM,
Downloaded npp7.3.3 (32bit) and installed it.
Started npp - no problem. (The only problem is that it takes ages because of my old pc isn’t really capable of doing it.)So what is specific to your setup? Any ideas?
Cheers
Claudia -
@GlacialManYT said:
Certificate checking
Check certificate of C:\Program Files (x86)\Notepad++\SciLexer.dll : Impossible to find the specified objectIt seems your SciLexer.dll in C:\Program Files (x86)\Notepad++ is not signed.
Could you send me your SciLexer.dll to don.h@free.fr please? -
E-Mail message sent.
-
@GlacialManYT Thank you.
I have checked. The file (scilexer.dll) is correct.
Could you- make sure your OS is updated and restart your PC.
- download minimalist package both 32/64 bith version from notepad-plus-plus.org, create npp32 & npp32 under *c:\temp*, unzip both into c:\temp\npp32 & c:\temp\npp64 respectively, then give both a try?
-
Hello, Don,
How are you ? Not too traumatized by the recent CIA Hacking issue. Thank you, for caring about our global security :-))
Don, from the discussion, between Jean Heck, Mkupper and Claudia :
https://notepad-plus-plus.org/community/topic/13374/double-click-links-no-longer-work/1
I realized some tests. And, indeed, there is a bug, with clickable links, in the last versions of Notepad++
To reproduce the bug :
-
Create a simple text file, named
test.txtunder the rootC:\of your machine -
Start Notepad++
-
Open, first, any file, for instance, the
change.logfile -
Now, in a new tab, type the single line, below :
file://C:/test.txt
-
Save this text file as
Test_Lang.txt -
Change the language of the
Test_Lang.txtfile to any language -
Select the
change.logfile and, immediately, go back to theTest_Lang.txtfile
( Note : this “switch” action allows to active the link, again ! )
- Finally, double-click on the
file://C:/test.txtlink
=> I noticed that the double-click does NOT work, for the four languages
ASP HTML JSP PHP, if the N++'s version is superior or equal tov7.3!For all other languages, included Normal Text, the double-click DOES work and opens, as expected, the test.txt file, in Microsoft Notepad :-)
Best Regards,
guy038
P.S :
-
Of course, I suppose that the option Enable, in Settings… > Preferences… > MISC. > Clickable Link Settings is checked !
-
Perhaps, the reason(s) why double-click doesn’t work for the four languages ASP, HTML, JSP and PHP is(are) not the same for each of them :-((
-
-
I believe that enforcing the signature checking for just scilexer.dll is not enough:
if I were a hacker, after this patching if I still want to hack a Notepad++
I would just move to the next DLL !
Question: why not enforce the signature checking for all the Notepad++ DLLs? -
Hi Don, thanks for your help, I will make the test that you have suggested, as soon as possible. I take this opportunity to point out a small anomaly. When in Notepad++ several files are opened (txt, bat, cmd), if I modify or I delete any of these files, and Notepad++ is opened in background, when I switch to Notepad++ an useful window asks to me if I want to update the situation. The problem comes when I modify or I delete an opened file and, after, without switching to Notepad++, I open a file, I expect that its tab is selected, in the foreground, but, after having responded to the question of the said window, file is not pointed and I must search for it in the open tabs of Notepad++ (that generally are many). After the answer, according to me, should be selected the tab of the last opened file (or in phase of opening). Obviously, if I have modified or deleted some files, the questions are one for each file and, at the end of the answers, as said, should be selected the tab of the last opened file (or in phase of opening). That’s all, not so important but useful.
-
I’ve opened https://github.com/notepad-plus-plus/notepad-plus-plus/pull/3019 which solves the issue with clicking links in certain file types.
-
@donho : I have deeply uninstalled notepad++ 32-bit v7.3.3 and, after, I have cleaned the registry but the error persists. I have the same problem with all 32-bit versions ( I made a test also with this http://portableapps.com/apps/development/notepadpp_portable ). Instead, all 64-bit versions are working regularly. So, I’m using the 64-bit version also if, for now, I would prefer the 32-bit version, that supports all plug-ins. I can make a test on others Windows 10 Pro 64-bit Anniversary Edition. See you soon.
-
Can you run ProcMon to see what’s going on?
Once downloaded, start it, create a filter for SciLexer.dll (Path ends with)
make sure that (toolbar buttons) file system activity and process and thread activity
have been pressed and start npp.
What’s the result?Cheers
Claudia -
Thanks for your help Claudia, there was a system problem that I solved. Now all is ok.
