Windows 11 Snipping Tool 'aCropalypse' bug fixed with emergency update from Microsoft

News
By Sean Endicott
published

Make sure to update the Windows 11 Snipping tool to protect your images.

Windows 11 Snipping Tool screen recording
(Image credit: Microsoft)

What you need to know

  • Windows 11's Snipping Tool has an issue that makes it possible to recover information that has been cropped from images.
  • The bug is similar to a situation referred to as "aCropalypse" that affects Google Pixel phones.
  • Microsoft has released an emergency fix for the issue.

The Snipping Tool on Windows 11 contains a vulnerability that can make it possible to recover sensitive data from images in certain circumstances. The problem is similar to the "aCropalypse" situation that affects Google Pixel phones. In both cases, screenshots that are cropped and then saved to specific locations fail to erase information completely.

If exploited, the bug could be used to extract personal or sensitive information from an image. For example, someone may use the Snipping Tool to take a screenshot of a shipping receipt and then crop out their address. Using the right tools, an attacker could obtain the address from the section cropped out of the image.

Microsoft has shipped an emergency fix that addresses the vulnerability. The update is available now through the Microsoft Store (via BleepingComputer).

Microsoft marked the severity of the vulnerability as low due to it requiring "uncommon user interaction and several factors outside of an attacker's control."

The issue is officially referred to as Windows Snipping Tool Information Disclosure Vulnerability (CVE-2023-28303).

The company highlighted that the following conditions must be met to leave data vulnerable:

  • The user must take a screenshot, saved it to a file, modify the file (for example, crop it), and then save the modified file to the same location.
  • The user must open an image in Snipping Tool, modify the file (for example, crop it), and then save the modified file to the same location.

While those are specific parameters, they are far from impossible.

The bug only affects Snip & Sketch on Windows 10 and the Snipping Tool on Windows 11. It does not affect the default Snipping Tool on Windows 10. Microsoft specified which version the respective apps need to be on to be safe from the vulnerability:

  • For Snip and Sketch installed on Windows 10, app versions 10.2008.3001.0 and later contain this update.
  • For Snipping Tool installed on Windows 11, app versions 11.2302.20.0 and later contain this update.
Sean Endicott
Sean Endicott
News Writer and apps editor

Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at sean.endicott@futurenet.com.