Update Windows Now to Avoid Potentially Exposing Account Details

A file photo shows a man using a laptop with the Microsoft Windows operating system. (Bay Ismoyo/AFP via Getty Images)
Jack Phillips
4/4/2023
Updated: 4/4/2023
Microsoft has released an emergency security update for Windows 10 and Windows 11, according to a new security alert, as some experts urged users to update their devices as soon as possible.

The Redmond, Washington-based tech giant said a security flaw had been found in the Windows 10 and 11 Snipping Tool application, sometimes known as the “Acropalypse” vulnerability. The bug, categorized as CVE-2023-28303, means that image editors haven’t been removing cropped image data when the original file is overwritten.

While Microsoft said the vulnerability was rated as “low” in severity, the firm told news outlets last week that “we have released a security update for these tools via CVE-2023-28303. We recommend customers apply the update.”

“The severity of this vulnerability is low because successful exploitation requires uncommon user interaction and several factors outside of an attacker’s control,” said Microsoft in its bulletin, adding that an image that can be exploited has to meet one of two conditions.

“The user must take a screenshot, save it to a file, modify the file (for example, crop it), and then save the modified file to the same location,” the bulletin stated.

The other condition is that “the user must open an image in Snipping Tool, modify the file (for example, crop it), and then save the modified file to the same location.”

A file photo shows Microsoft's Snipping Tool. (Screenshot via The Epoch Times)

It noted: “For example, if you take a screenshot of your bank statement, save it to your desktop, and crop out your account number before saving it to the same location, the cropped image could still contain your account number in a hidden format that could be recovered by someone who has access to the complete image file.”

But if a user copies the cropped image from the Snipping Tool program and pastes it into a document or email, anything that has been cropped out or hidden—such as an account number—won’t be copied, Microsoft noted.

An attacker exploiting the flaw could recover portions of the original image when the image file is only partially overwritten, the firm said.

Researchers with tech website BleepingComputer noted that the extra data from cropped images could “be used to partially recover the cropped image content, potentially exposing sensitive content that was never meant to be public.” And security researchers told the website that there may be a large number of images impacted by this flaw.

To install the update, a user can open the Microsoft Store, go to the library, and click “get updates.” Then they can apply the latest patch to Windows Snipping Tool.

“It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. You can get the update through the store by following this guide: Get updates for apps and games in Microsoft Store. Based on your operating system, Microsoft Store will display the update that is available for the Snipping Tool you have installed,” the company says.

Jack Phillips is a breaking news reporter with 15 years' experience who started as a local New York City reporter. Having joined The Epoch Times' news team in 2009, Jack was born and raised near Modesto in California's Central Valley. Follow him on X: https://twitter.com/jackphillips5