Windows Screenshot Security Flaw Addressed: The “aCropalypse” Tamed

In this article, we delve into the details behind the recent Windows screenshot editing vulnerability, its effects, and the steps taken to address it, while also providing key takeaways and additional information about Microsoft’s recent decisions.

“aCropalypse” – A Unique Screenshot Security Flaw

Microsoft has released an update addressing a unique screenshot editing vulnerability affecting Windows 10 and 11, initially reported by Bleeping Computer. 

Dubbed the “aCropalypse,” this security flaw could allow cybercriminals to recover edited sections of screenshots, exposing private information that users tried to hide or crop out.

The issue (CVE-2023-28303) is present in both the Snip & Sketch app for Windows 10 and the Snipping Tool for Windows 11. 

However, it applies only to images that have gone through a specific sequence of steps: captured, saved, edited, and then saved over the original file; or opened in the Snipping Tool, edited, and saved to the same location.

Screenshots that were edited before saving and those copied and pasted into emails or documents are not affected.

Microsoft Responds Swiftly to Address the Issue

Microsoft became aware of the issue earlier this week when Chris Blume, the chair of the working group for the PNG image format, informed security researchers David Buchanan and Simon Aarons. 

These researchers had previously discovered a similar vulnerability affecting Google Pixel’s Markup tool, known as the “aCropalypse,” which also allowed hackers to reverse changes made to screenshots, thus exposing private information that users believed they had concealed by cropping or scribbling over.

Updating Apps to Fix the Vulnerability

To fix the problem, people can update the impacted apps on their Windows device. 

To update your Microsoft software, follow these simple steps: Go to the Microsoft Store, click on Library, and select the Get Updates option. 

For those with automatic updates enabled, the Snipping Tool should be updated to version 10.2008.3001.0, and the Snip & Sketch tool should be updated to version 11.2302.20.0. 

However, it is important to note that Microsoft’s patch will not retroactively update edited screenshots already posted online, potentially leaving thousands of vulnerable screenshots available for exploitation.

Microsoft’s Recent Decisions and the Future

In unrelated news, earlier this year, Microsoft announced a workforce reduction of 10,000 employees by March 31 due to a decline in revenue growth. 

The company will incur a $1.20 billion charge in the fiscal second quarter (Q2), resulting in a negative impact of 12% on earnings per share (EPS). 

CEO Satya Nadella expressed confidence in Microsoft’s resilience, stating that the company will emerge “stronger and more competitive.” 

He also mentioned that the reduction would affect less than 5% of the workforce, and some employees will be informed of their job status this week.

Conclusion

Microsoft’s timely response to the “aCropalypse” vulnerability demonstrates their commitment to addressing security flaws and ensuring user privacy. 

Users are encouraged to keep their apps updated and remain vigilant regarding the potential risks associated with sharing edited screenshots. 

As the company undergoes workforce reductions, it will be crucial to monitor how these changes affect Microsoft’s future growth and competitiveness in the technology sector.

Written by

gabriel

Reviewed By

Judith

Judith Harvey is a seasoned finance editor with over two decades of experience in the financial journalism industry. Her analytical skills and keen insight into market trends quickly made her a sought-after expert in financial reporting.