Notepad ++ Upgrade causing ‘Trojan:Script/Wacatac.B!ml’

We had alerts today internally on defender due to a Notepad++ upgrade to 8.2.2. Note pad ++ is no longer able to sign their releases due to not being able to renew an expiring certificate due to changes in certificate authority policies as detailed at https://notepad-plus-plus.org/news/8.8.2-available-in-1-week-without-certificate/ and https://notepad-plus-plus.org/news/v882-fix-security-issue/

The current work around is to whitelist the SHA 1 hash as trusted to not block the updates

179613870a9ffc646b77918701481c8ffdae1c82e06cbc7ea7d42af3d1c9e5e2  npp.8.8.2.Installer.exe

561a1656f8710cfd39a5dee3ae67b2c18916f792

which matches the digests (viewed over https) at https://notepad-plus-plus.org/downloads/v8.8.2/ and on their github releases page at https://github.com/notepad-plus-plus/notepad-plus-plus/releases/tag/v8.8.2

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...