by notepad0x90 346 days ago
Unless the updater also runs the installer; then you just drop your malicious DLL in the right place and wait for an update, or find a way to force-trigger an update.

Attackers can also use the Notepad++ installer as a payload execution mechanism. To run your malware, just get older Notepad++ installers and drop your DLL after the installer is running to run it as SYSTEM.


Meh, there are plenty of Microsoft services on a system that fall for the same trick. If an attacker has PC access, it's game over anyway.
For a non-admin user to get admin or SYSTEM, that's a proper CVE. For an admin user behind UAC though, UAC bypasses aren't considered bypasses of a security boundary, so no CVE there.