Microsoft releases update to fix screenshot editing vulnerability on Windows


San Francisco, Mar 26 (IANS): Microsoft has released an update to fix a screenshot editing vulnerability in Windows 10 and 11 that allows threat actors to recover modified screenshot sections.

The security issue -- called the "aCropalypse" -- could allow threat actors to recover the modified portions of screenshots, potentially disclosing sensitive information that had been cropped out or masked, according to The Verge.

The issue affects both the Snip & Sketch application on Windows 10 and the Snipping Tool on Windows 11, according to Microsoft.

It does, however, only apply to photographs made using a very precise set of processes, including those that have been taken, saved, edited, and then saved over the original file, as well as the ones opened in the Snipping Tool, edited, and then saved to the same location, the report said.

Moreover, the security flaw has no effect on screenshots that have been updated before saving them, and it also has no effect on screenshots that have been copied and pasted into, for instance, the body of an email or document.

Microsoft first learned about the issue last week.

The report further mentioned that the security flaw also allowed hackers to undo changes made to screenshots, allowing them to show personal information in an image that someone thought they were hiding by cropping it out or scribbling over it.

The latest updates for the affected apps can be downloaded from the Microsoft Store by clicking Library, then clicking Get updates.

 

  

Top Stories


Leave a Comment

Title: Microsoft releases update to fix screenshot editing vulnerability on Windows



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.