Am I the first person to pop a shell in notepad?
....believe it or not, It's a real bug!
pic.twitter.com/t2wTh7E93p
You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
Counter point: if you can right click during an interactive SCCM install as a non-priv user, you can sometimes grab SYSTEM. I mean, yours is obviously cooler, but right-clicking can be handy.
Hah, fair enough 
"Clearly an attacker cannot right click dialogs..." Yeah, they can. All they need to do is get in via RDP. And it happens. A lot.
If you have an attacker connected through RDP you have bigger problems than them right-clicking to start a notepad shell. Of all things, that activity would be fairly simple to detect; their other potential actions are far more concerning.
yes yes, thus the winky emoji 
Right clicking is out of scope
I'm curious about the vulnerability trigger (notepad looks innocently simple) but I'll wait patiently 
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.