an attacker could exploit the vulnerability and create a malicious Markdown file containing specially crafted links. If a user opens the file in Notepad and clicks one of the links, a script could launch, download, and execute malicious code
Since when does Notepad launch links???
WTF kind of stupid is this?