Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Windows Central
Windows Central
Technology
Sean Endicott

Windows 11 Snipping Tool 'aCropalypse' bug fixed with emergency update from Microsoft

Windows 11 Snipping Tool screen recording

What you need to know

  • Windows 11's Snipping Tool has an issue that makes it possible to recover information that has been cropped from images.
  • The bug is similar to a situation referred to as "aCropalypse" that affects Google Pixel phones.
  • Microsoft has released an emergency fix for the issue.

The Snipping Tool on Windows 11 contains a vulnerability that can make it possible to recover sensitive data from images in certain circumstances. The problem is similar to the "aCropalypse" situation that affects Google Pixel phones. In both cases, screenshots that are cropped and then saved to specific locations fail to erase information completely.

If exploited, the bug could be used to extract personal or sensitive information from an image. For example, someone may use the Snipping Tool to take a screenshot of a shipping receipt and then crop out their address. Using the right tools, an attacker could obtain the address from the section cropped out of the image.

Microsoft has shipped an emergency fix that addresses the vulnerability. The update is available now through the Microsoft Store (via BleepingComputer).

Microsoft marked the severity of the vulnerability as low due to it requiring "uncommon user interaction and several factors outside of an attacker's control."

The issue is officially referred to as Windows Snipping Tool Information Disclosure Vulnerability (CVE-2023-28303).

The company highlighted that the following conditions must be met to leave data vulnerable:

  • The user must take a screenshot, saved it to a file, modify the file (for example, crop it), and then save the modified file to the same location.
  • The user must open an image in Snipping Tool, modify the file (for example, crop it), and then save the modified file to the same location.

While those are specific parameters, they are far from impossible.

The bug only affects Snip & Sketch on Windows 10 and the Snipping Tool on Windows 11. It does not affect the default Snipping Tool on Windows 10. Microsoft specified which version the respective apps need to be on to be safe from the vulnerability:

  • For Snip and Sketch installed on Windows 10, app versions 10.2008.3001.0 and later contain this update.
  • For Snipping Tool installed on Windows 11, app versions 11.2302.20.0 and later contain this update.
Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.