
Microsoft patched “aCropalypse” vulnerability in Windows 11

Updates for Windows 10 are also available

Updated: Mar 27, 2023 5:18 pm


Microsoft has released a pair of emergency updates to address the worrying “aCropalypse” security flaw found in the native Windows 10 and 11 screenshot editing applications. If you use these features a lot, like us, then you’ll be pleased to know that Microsoft has patched the “aCropalypse” vulnerability in Windows 11.

The issue meant that sensitive information previously cropped out of a screenshot could still be disclosed. The issue was not limited to Android phones either; the flaw was also present in the Windows 11 desktop Snipping Tool.

But what is the aCropalypse vulnerability and what does it do? This is a valid question, and one we will answer momentarily.


What is the aCropalypse vulnerability?

The aCropalypse vulnerability is also known by its official name, CVE-2023-28303.

The aCropalypse vulnerability stems from image editing software failing to remove cropped image data when it overwrites the original file.

Suppose you capture a screenshot and crop out confidential information, like account numbers. In that case, it’s reasonable to assume that the trimmed data would be erased when saving the picture. Unfortunately, however, the bug leaves cropped image data within the original file. This vulnerability affected both the Google Pixel markup tool and the Windows Snipping Tool.


Microsoft releases update to patch aCropalypse vulnerability

Fortunately, Microsoft has taken action to address the security vulnerability by releasing security updates for both the Windows 10 Snip & Sketch and Windows 11 Snipping Tool programs on Thursday, March 24th, to fix the aCropalypse flaw, reports Bleeping Computer.

Once you install this security update, your Windows 11 Snipping Tool will have version number 10.2008.3001.0, and Windows 10 Snip & Sketch will be version number 11.2302.20.0.

Microsoft has assigned the identifier CVE-2023-28303 to track this vulnerability and named it “Windows Snipping Tool Information Disclosure Vulnerability.”

The vulnerability is considered “Low” severity as it “involves rare user interaction and various factors beyond an attacker’s control.”


Why was the aCropalypse vulnerability classed as “low severity”?

This is simply due to the circumstances required to trigger the bug. To make the bug occur, the user must do two things:

  1. The user must take a screenshot, save it to a file, modify the file (for example, crop it), and then save the modified file to the same location.
  2. The user must open an image in Snipping Tool, modify the file (for example, crop it), and then save the modified file to the same location.

This is a pretty uncommon practice, at least in our experience. This means that the user would have to modify the original screenshot with Windows native snip tools, to crop out sensitive info.

The other factor to consider is whether or not the image was shared publicly. If not, there’s very little chance the image could fall into the hands of bad actors.

Is Windows 11 safe?

Overall, Windows 11 remains incredibly safe to use; it is “ultra-secure”. Regardless, the aCropalypse issue is a major one; however, it has now been dealt with. There was a similar issue with reversible cropping in Google Docs, where users who only had “view-only” access could recover original versions of cropped images without the Editor permission.

As with anything, it’s all too easy to panic. But take a step back and always remember to practice safe online usage and never give away anything that could potentially lead to someone gaining access to sensitive information. We hope the news that Microsoft has patched the “aCropalypse” vulnerability in Windows 11 brings you peace of mind.


Jack is a Tech and News Writer who has a vast and proficient knowledge of CPUs, Motherboards, and Computer technology.
