The vulnerability could potentially be used to access sensitive information by others.
New research has revealed that Microsoft’s Snipping Tool for Windows 11 and the Snip & Sketch tool in Windows 10 has a vulnerability that could allow sensitive information to be accessed by others.
New research has revealed that Microsoft’s Snipping Tool for Windows 11 and the Snip & Sketch tool in Windows 10 has a vulnerability that could allow sensitive information to be accessed by others.
The vulnerability was discovered by David Buchanan, who found that if a screenshot was taken, saved and then cropped and saved again, the data may still be available in the file, and with a few “minor changes” the information could be accessed.
While the vulnerability appears to be somewhat limited, Buchanan warns that information people thought they had deleted may still be floating around on the internet.
– Take a screenshot.
— David Buchanan (@David3141593) March 21, 2023
– Press the save icon.
– Crop the screenshot.
– Press the save icon and save to the same file (the default!)
This discovery comes on the heels of a previous report by Buchanan and researcher Simon Aarons about the “acropalypse” vulnerability for Pixels, which highlighted the risk of sensitive information being left intact in images created using the tool.
Microsoft has stated that they are aware of the issue and are investigating, adding that they will take action to help keep customers protected.