Microsoft fixes vulnerability in the Windows Snipping tool
Microsoft provided an urgent security upgrade for the Windows 10 and Windows 11 Snipping tools to address the Acropalypse privacy issue,
The Acropalypse vulnerability, which is currently tracked as CVE-2023-28303, results from image editors failing to correctly remove trimmed input images when resetting the original file.
For instance, one should have reasonable expectations that the sensitive information you have cut out of a screenshot, such as account numbers, would be erased when the image is saved.
Even so, it was discovered that due to this flaw, the cropped data was being kept in the original file by both the Windows Snipping Tool and the Markup Tool for the Google Pixel.
Security experts have alerted that there may be a large number of publicly available photographs compromised by this problem, with VirusTotal alone containing over 4,000 images.
As a result, there are probably many more Acropalypse-affected photos on image hosting services.
Microsoft makes an open-source security update. Microsoft was putting a remedy for the Windows 11 Snipping Tool problem inside the Windows Insider Canary channel for testing.
Microsoft has fixed the Acropalypse bug by publicly releasing security patches for the Windows 10 Snip & Sketch and Windows 11 Snipping Tool programmes.
Microsoft issued a statement “With CVE-2023-28303, we have made a security update available for these tools. Customers are advised to install the update”.
Both Windows 11 Snipping Tool and Windows 10 Snip & Sketch will be at version 11.2302.20.0 following the installation of this security update.
Microsoft has renamed the vulnerability “Windows Snipping Tool Access To Information Vulnerability” and is currently monitoring it as CVE-2023-28303.
As the vulnerability “needs rare user engagement and various parameters that are not under the attacker’s control,” it is rated as having “Medium” severity.
To edit a screenshot, the user must first capture a snapshot store it to a file crop the image, and then save the edited picture to the same place.
A picture must be opened in the Snipping Tool, edited (for instance, by cropping it), and then saved in the same spot. Having said that, it happens frequently in our experience to take a screenshot save it then realize you have to clip something out and replace the original picture. The problem would have now been present in this picture.
The good news is that, regardless of how the picture was made, if you do not publicly publish a corrupted image, there is minimal chance that the defect will be used against you until your device is compromised.
The most current edition of the Windows Snipping Tool would be installed automatically after opening the Microsoft Store and selecting Library > Get Updates to apply the security updates.
Author: Harsh Vikram Shahi