Microsoft Windows Snipping Tool Vulnerability
In today’s SensCy Cyber Alert, your SensCy team recommends that Microsoft Windows 10 and Windows 11 users install the latest security update immediately.
This vulnerability, now tracked as CVE-2023-28303 and also called the Acropalypse vulnerability, is caused by image editors not properly removing cropped image data when overwriting the original file. When a user takes a screenshot and crops out sensitive information (an account number, PII), the cropped portion is not removed from the original file and can be recovered by anyone who has access to the complete image file.
After installing the latest update, the Snipping Tool will be version 11.2302.20.0 for Windows 11, and Windows 10 Snip & Sketch will be version 10.2008.3001.0.
To install the security updates:
- Open the Microsoft Store and go to Library > Get Updates. The latest version of the Windows Snipping Tool will be installed automatically.
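To find existing screenshots that still carry leftover data of the kind described above, the following added example (not part of the original alert and not Microsoft tooling) flags PNG files that contain bytes after the end-of-image (IEND) chunk, which is where old data sits when a shorter image is written over a longer one without truncating the file. It handles PNG only; the function names and the sample bytes are constructed for illustration.

```python
import struct
import sys
import zlib
from pathlib import Path

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

def trailing_bytes_after_iend(data):
    """Bytes present after the IEND chunk; None if not a well-formed PNG."""
    if not data.startswith(PNG_SIGNATURE):
        return None
    pos = len(PNG_SIGNATURE)
    while pos + 12 <= len(data):  # 4 length + 4 type + 4 CRC
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            return None  # chunk claims more bytes than the file holds
        if ctype == b"IEND":
            return len(data) - end
        pos = end
    return None  # ran out of data before reaching IEND

def scan(folder):
    """List (path, trailing_byte_count) for PNGs under folder that need review."""
    hits = []
    for path in sorted(Path(folder).rglob("*.png")):
        try:
            extra = trailing_bytes_after_iend(path.read_bytes())
        except OSError:
            continue  # unreadable file, skip it
        if extra:
            hits.append((path, extra))
    return hits

def make_chunk(ctype, body=b""):
    """Build one PNG chunk (used only for the constructed samples below)."""
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

# Constructed samples: a 1x1 grayscale PNG, and the same file with 64
# filler bytes appended after IEND to stand in for leftover data.
CLEAN_PNG = (PNG_SIGNATURE
             + make_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
             + make_chunk(b"IDAT", zlib.compress(b"\x00\x00"))
             + make_chunk(b"IEND"))
LEFTOVER_PNG = CLEAN_PNG + b"\x00" * 64

if __name__ == "__main__":
    for path, extra in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: {extra} bytes after IEND")
```

Run it with a folder path as the only argument; any file it lists should be re-saved from a fresh capture or deleted if it was shared after cropping out sensitive content.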
Feel free to reach out to your client advocate for additional support.