In this article, we delve into the details behind the recent Windows screenshot editing vulnerability, its effects, and the steps taken to address it, while also providing key takeaways and additional information about Microsoft’s recent decisions.
Microsoft has released an update addressing a unique screenshot editing vulnerability affecting Windows 10 and 11, initially reported by Bleeping Computer.
Termed as the “aCropalypse,” this security flaw could potentially allow cybercriminals to recover edited sections of screenshots, potentially exposing private information that users tried to hide or crop out.
The issue (CVE-2023-28303) is present in both the Snip & Sketch app for Windows 10 and the Snipping Tool for Windows 11.
However, it is only applicable to images that have undergone a specific set of steps, such as being captured, saved, edited, and saved over the original file or opened in the Snipping Tool, edited, and saved to the same location.
Screenshots that were edited before saving and those copied and pasted into emails or documents are not affected.
Microsoft became aware of the issue earlier this week when Chris Blume, the chair of the working group for the PNG image format, informed security researchers David Buchanan and Simon Aarons.
These researchers had previously discovered a similar vulnerability affecting Google Pixel’s Markup tool, known as the “aCropalypse,” which also allowed hackers to reverse changes made to screenshots, thus exposing private information that users believed they had concealed by cropping or scribbling over.
To fix the problem, people can update the impacted apps on their Windows device.
To update your Microsoft software, follow these simple steps: Go to the Microsoft Store, click on Library, and select the Get Updates option.
For those with automatic updates enabled, the Snipping Tool should be updated to version 10.2008.3001.0, and the Snip & Sketch tool should be updated to version 11.2302.20.0.
However, it is important to note that Microsoft’s patch will not retroactively update edited screenshots already posted online, potentially leaving thousands of vulnerable screenshots available for exploitation.
In unrelated news, earlier this year, Microsoft announced a workforce reduction of 10,000 employees by March 31 due to a decline in revenue growth.
The company will incur a $1.20 billion charge in the fiscal second quarter (Q2), resulting in a negative impact of 12% on earnings per share (EPS).
CEO Satya Nadella expressed confidence in Microsoft’s resilience, stating that the company will emerge “stronger and more competitive.”
He also mentioned that the reduction would affect less than 5% of the workforce, and some employees will be informed of their job status this week.
Microsoft’s timely response to the “aCropalypse” vulnerability demonstrates their commitment to addressing security flaws and ensuring user privacy.
Users are encouraged to keep their apps updated and remain vigilant regarding the potential risks associated with sharing edited screenshots.
As the company undergoes workforce reductions, it will be crucial to monitor how these changes affect Microsoft’s future growth and competitiveness in the technology sector.
