Microsoft has released an emergency security update for the Windows 10 Snip & Sketch app and the Windows 11 Snipping Tool following the discovery of the Acropalypse vulnerability in both tools. The vulnerability lets anyone who obtains an image edited with the screenshotting and markup tool partially recover the original image data, undoing crops and redactions in the process. It is officially tracked as CVE-2023-28303.
Before the update, when the Snipping Tool saved an edited (for example, cropped) image over the original file, it did not truncate the file to the new length. If the edited PNG or JPG was smaller than the original, the tail of the original file survived after the new image data. A viewer ignores that leftover chunk, but it can be partially recovered and may reveal whatever was cropped or painted out. The issue is very similar to the one in Google's Pixel Markup tool, where Acropalypse was first discovered.
Security researchers David Buchanan and Simon Aarons, who discovered the Markup bug, also built a website that can recover screenshots edited by Markup. While the vulnerability works the same way on both platforms, that Markup recovery tool cannot recover screenshots edited by the Snipping Tool.
Microsoft was already testing a fix for the Windows 11 Snipping Tool in the Windows Insider Canary channel; the final update covers Windows 10 as well. Microsoft rates the vulnerability low severity because exploitation requires “uncommon user interaction and several factors outside of an attacker’s control”. For an image to be affected, it needs to have been produced under one of the following two conditions:
- The user takes a screenshot, saves it to a file, modifies the image and then saves the modified image back to the same file.
- The user opens an existing image in the Snipping Tool, modifies it and then saves the modified image back to the same file.
Regardless, it can lead to sensitive information being leaked if you aren’t on the latest version of these tools. At the time of writing, Snip & Sketch (installed on Windows 10) version 10.2008.3001.0 and later, and Snipping Tool (installed on Windows 11) version 11.2302.20.0 and later, contain the fix. Note that the update only changes how new saves are written; images edited and shared before updating still carry the leftover data.