• Windows Snipping Tool is vulnerable to Acropalypse too.

    #2545643

    https://twitter.com/David3141593/status/1638222624084951040

    “Windows Snipping Tool is vulnerable to Acropalypse too.

    An entirely unrelated codebase.

    The same exploit script works with minor changes (the pixel format is RGBA not RGB)

    Tested myself on Windows 11”

    1 user thanked author for this post.
    • #2545646

      A severe privacy flaw named ‘acropalypse’ has also been found to affect the Windows Snipping Tool, allowing people to partially recover content that was edited out of an image.

      Windows 11 Snipping Tool privacy bug exposes cropped image content

      3 users thanked author for this post.
      • #2545669

        Spot the secret:

        PARTIAL recovery

        • #2545710

          Spot the secret:

          How about a hint?

          On permanent hiatus {with backup and coffee}
          offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
          offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
          online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender
    • #2546207

      Snipping Tool with a bug [App update fixes the problem]

      (Translated to English)

      The Snipping Tool under Windows 10 and Windows 11 currently has an error that can also be security-related: changed images that are saved again with the same name retain the information from before the change.

      [Update 2023-03-23] Snipping Tool 11.2302.20.0 and higher corrects the error

      Microsoft is currently delivering a new version Snipping Tool 11.2302.20.0 in the Insider channel. If you want to correct the error now, you can download and install the new version manually.

      Go to store.rg-adguard.net and then from left to right:
      ProductId | 9MZ95KL8MR0L | Almost | click tick

      In the selection then download the Microsoft.ScreenSketch 2022. 2302.20.0 …_8wekyb3d8bbwe.msixbundle. (The version number can later be higher)

      Start the app package with a double click.

      That’s it already. So it shouldn’t be long before Microsoft will make the app available to all users.

    • #2546214

      While I realize that many people are forced to use Win 10 for one reason or another, I’m so glad I don’t have to!  So many problems, even after 7 years on the market.  I personally have no expectations that things will change with Win 11.

      Being 20 something in the 70's was far more fun than being 70 something in the insane 20's
      • #2546237

        This snipping tool problem is on Windows 11, not 10.

        Susan Bradley Patch Lady/Prudent patcher

        • #2546241

          But Snipping Tool is deprecated in Windows 10 and it’s believed to apply to Snip & Sketch.

          An obscure issue though which requires an unlikely Snip, Save, Crop, Save sequence.

          And even then the “partial recovery” looks more theoretical than practical.

    • #2546254

      This snipping tool problem is on Windows 11, not 10.

      It is in both OS’s. This shows that MS just copies code rather than write new code to fix things.

      Here is typical MS employee work day.

      • Party for first 4 weeks….project due in 1 year.
      • Party and use mind-altering substances to help create a crazy GUI interface for next 6 months…project due in 5 months.
      • Full Party mode for next 3 months…and more high levels…project due in 2 months.
      • More Party…….project due in 1 month.
      • Time to get wasted…project due in 2 weeks.
      • Might need to start something….project due in 1 week
      • Time to sleep and party…project due in 3 days
      • Need to start working on something….copy the old code and slap some crazy GUI changes to see like new thing…project due in 1 hour
      • Release to public to test it…GREAT SUCCESS…time to party again….

      https://www.laptopmag.com/news/windows-screenshot-flaw-could-expose-cropped-info-how-to-protect-your-pc

      A flaw in the Windows 11 Snipping tool and the Snip and Sketch tool in Windows 10 could prove disastrous for users that are cropping confidential data out of their screenshots

    • #2546484

      Snipping Tool (Windows 11) modified today, March 25, 2023 a few minutes past from update in Microsoft Store.

      Here is the icon:
      [Image: stool2]

      On permanent hiatus {with backup and coffee}
      offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
      offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
      online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender
      • #2546565

        Snip and sketch on Windows 10 (aka the new one not the original one) has been updated as well.

        Susan Bradley Patch Lady/Prudent patcher

        1 user thanked author for this post.
    • #2546583

      Does anyone know if the original snipping tool that is included with Windows 10 (whose executable resides in the \Windows\system32 directory and is called “SnippingTool.exe”) is affected by this bug, or does this bug only affect the Windows 10 snipping tool that’s offered/obtained/updated through the MS Store as one of the UWP apps?

      1 user thanked author for this post.
      • #2546601

        Just tested it on my Win10 and have to say it’s probably not since, unlike “snip & sketch“, there’s no option to crop the captured image (which is the whole source of the vulnerability.)

        2 users thanked author for this post.
    • #2546751

      Snipping Tool (Windows 11) modified today, March 25, 2023 a few minutes past from update in Microsoft Store.

      Updates from Microsoft store are blocked on my Windows 10.

      • #2546795

        Don’t snip your private parts then (or don’t save, crop, save it).

      • #2546824

        This is why I don’t recommend blocking updates from the Store.

        I also don’t use snip and sketch on Windows 10.

        Susan Bradley Patch Lady/Prudent patcher

        1 user thanked author for this post.
    • #2546881

      I also don’t use snip and sketch on Windows 10.

      I don’t use snip and sketch either. In fact, I don’t use any Microsoft store app (deleted all jumping tiles apps).
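
The replies above describe the condition behind this bug: an edited image saved again under the same name keeps data from before the change. As an added example (not from any poster or from Microsoft), the Python below walks a PNG's chunks and reports how many bytes follow the IEND chunk, which is the sign that a shorter file was written over a longer one without truncation. The function names and the sample images are constructed for illustration.

```python
import random
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def _chunk(ctype, data):
    # PNG chunk layout: 4-byte length, 4-byte type, data, CRC32 over type+data
    crc = zlib.crc32(ctype + data)
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def make_png(width, height, seed):
    """Build a valid 8-bit RGBA PNG from constructed pseudo-random pixels."""
    rng = random.Random(seed)
    rows = b"".join(
        b"\x00" + bytes(rng.getrandbits(8) for _ in range(width * 4))
        for _ in range(height)
    )
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 6, 0, 0, 0)
    return (PNG_SIG + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(rows)) + _chunk(b"IEND", b""))

def trailing_bytes_after_iend(blob):
    """Bytes left after the IEND chunk; None if blob is not a well-formed PNG."""
    if not blob.startswith(PNG_SIG):
        return None
    pos = len(PNG_SIG)
    while pos + 12 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        end = pos + 12 + length          # header (8) + data + CRC (4)
        if end > len(blob):
            return None                  # truncated or corrupt chunk
        if ctype == b"IEND":
            return len(blob) - end       # 0 for a cleanly written file
        pos = end
    return None                          # ran out of data before IEND

def overwrite_without_truncate(original, cropped):
    """Model the save-crop-save result: new bytes on top, old tail left behind."""
    return cropped + original[len(cropped):]

if __name__ == "__main__":
    full = make_png(64, 64, seed=1)      # constructed "screenshot"
    crop = make_png(8, 8, seed=2)        # constructed "cropped" version
    affected = overwrite_without_truncate(full, crop)
    for name, blob in (("clean", crop), ("affected", affected)):
        print(name, "trailing bytes:", trailing_bytes_after_iend(blob))
```

A non-zero result on a screenshot saved by an unpatched version means the file still carries bytes from the earlier save; re-exporting the image from the updated app writes a file without that tail.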
