Microsoft Issues Emergency Update for Windows Snipping Tool Flaw

March 25, 2023

Microsoft has released an emergency security update for the Windows 10 and Windows 11 Snipping Tool to fix the Acropalypse privacy vulnerability, now tracked as CVE-2023-28303. Acropalypse occurs when an image editor overwrites the original file with a cropped version but does not properly remove the cropped-out image data. A user who takes a screenshot, crops out sensitive information, and saves over the original expects the cropped data to be gone; because of this bug, both Google Pixel's Markup tool and the Windows Snipping Tool were found to leave that data inside the saved file.

The leftover data, which can be used to partially recover the cropped-out image content, sits after the IEND chunk that marks the end of a PNG file. A well-formed PNG has no data after IEND, so trailing bytes are a reliable indicator that a file is affected. Security researchers have stated that the number of public images impacted by this flaw may be high, with VirusTotal alone hosting over 4,000 images affected by the Acropalypse bug. On services dedicated to image hosting, the number of affected images is therefore likely much higher.
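The following is an added example, not code from the article or from Microsoft. It reproduces the failure mode described above on a constructed sample image: a PNG is overwritten in place with a smaller "cropped" PNG, once without truncating the file (the Acropalypse pattern, assumed here as the mechanism; Microsoft has not published the root cause in the text above) and once with truncation. A small chunk walker then reports how many bytes survive after the IEND chunk, which is the check a practitioner can run over any suspect PNG. All sample pixel data is generated deterministically in the script.

```python
import hashlib
import os
import struct
import tempfile
import zlib
from pathlib import Path

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def _chunk(chunk_type: bytes, data: bytes) -> bytes:
    """Serialize one PNG chunk: 4-byte length, 4-byte type, payload, CRC32 over type+payload."""
    crc = zlib.crc32(chunk_type + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + chunk_type + data + struct.pack(">I", crc)


def noise(n: int, seed: bytes = b"sample") -> bytes:
    """Deterministic pseudo-random bytes (constructed pixel data, chosen so the sample does not compress away)."""
    out = bytearray()
    while len(out) < n:
        seed = hashlib.sha256(seed).digest()
        out += seed
    return bytes(out[:n])


def make_png(width: int, height: int, pixels: bytes) -> bytes:
    """Build a minimal, valid 8-bit RGB PNG from width*height*3 pixel bytes (constructed sample image)."""
    if len(pixels) != width * height * 3:
        raise ValueError("pixel buffer does not match width*height*3")
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)  # bit depth 8, colour type 2 (RGB)
    row = width * 3
    # Every scanline is prefixed with a filter-type byte; 0 means no filtering.
    raw = b"".join(b"\x00" + pixels[y * row:(y + 1) * row] for y in range(height))
    return PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b"")


def iend_end_offset(data: bytes) -> int:
    """Walk the chunk list and return the offset immediately after the IEND chunk's CRC."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 8 + length + 4  # chunk header + payload + CRC
        if pos > len(data):
            raise ValueError("truncated chunk")
        if ctype == b"IEND":
            return pos
    raise ValueError("no IEND chunk found")


def trailing_bytes_after_iend(data: bytes) -> int:
    """Bytes left after IEND. A well-formed PNG returns 0; anything else is leftover data worth inspecting."""
    return len(data) - iend_end_offset(data)


def save_over(path: str, new_content: bytes, truncate: bool) -> None:
    """Overwrite an existing file. truncate=False reproduces the Acropalypse failure mode:
    the file is opened read/write without truncation, so a shorter image leaves the
    original's tail in place after the new IEND."""
    with open(path, "wb" if truncate else "r+b") as f:
        f.write(new_content)


def demo() -> tuple[int, int]:
    """Overwrite a large 'screenshot' with a small 'crop' both ways; return (leaky, fixed) trailing byte counts."""
    original = make_png(32, 32, noise(32 * 32 * 3, seed=b"screenshot"))
    cropped = make_png(4, 4, noise(4 * 4 * 3, seed=b"crop"))
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "shot.png")
        Path(path).write_bytes(original)
        save_over(path, cropped, truncate=False)
        leaky = trailing_bytes_after_iend(Path(path).read_bytes())
        Path(path).write_bytes(original)  # reset, then save the correct way
        save_over(path, cropped, truncate=True)
        fixed = trailing_bytes_after_iend(Path(path).read_bytes())
    return leaky, fixed


if __name__ == "__main__":
    leaky, fixed = demo()
    print(f"overwrite without truncate: {leaky} bytes survive after IEND")
    print(f"overwrite with truncate:    {fixed} bytes after IEND")
```

To triage existing files, call `trailing_bytes_after_iend(Path(p).read_bytes())` over a directory of screenshots; any non-zero result means the original image's tail is still present. Note that the leftover bytes are the end of the original IDAT stream, so recovering the cropped content takes additional work on the compressed data; this check only tells you whether there is anything to recover.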

Microsoft had been testing a fix for the Windows 11 Snipping Tool bug in the Windows Insider Canary channel. The company has now publicly released security updates for both the Windows 10 Snip & Sketch and Windows 11 Snipping Tool apps to resolve the Acropalypse flaw. Microsoft said, "We have released a security update for these tools via CVE-2023-28303. We recommend customers apply the update." After installing this security update, Windows 11 Snipping Tool will be version 11.2302.20.0, and Windows 10 Snip & Sketch will be version 10.2008.3001.0.

Microsoft titled CVE-2023-28303 "Windows Snipping Tool Information Disclosure Vulnerability" and rated it "Low" severity because it "requires uncommon user interaction and several factors outside of an attacker's control." However, it is not uncommon to take a screenshot, save it, realize something needs to be cropped out, and then overwrite the original image, which is exactly the workflow this bug affects. The good news is that if you do not share an affected image publicly, there is little risk of the flaw being exploited unless your device is already compromised. To install the security update, open the Microsoft Store and go to Library > Get Updates, and the latest version of the Windows Snipping Tool will be installed automatically.
