Microsoft assigns CVE to Snipping Tool bug, pushes patch to Store - #aCropalypse
2023-04-03 > It’s unlikely that this is limited to Pixel phones and Windows, it’s likely in other places as well. Make sure whatever you’re screenshotting has no sensitive information in the first place. _Microsoft has released a patch, plugging the problem with their screenshot tools that allowed cropped information to be recovered within the file. --Darien Kindlund_ [View Article](https://blog.trailofbits.com/2023/03/30/acropalypse-polytracker-blind-spots/) 2023-03-28 > What images have been shared across social media and other channels that could have more data uncovered because the person who shared it had no idea about this vulnerability? _Windows 11 and 10 snipping tools faced the same problem as the Google Pixel phone, allowing recipients of screenshotted images to recover all of the images original information. This is being called the aCropalypse. --Darien Kindlund_ [View Article](https://thehackernews.com/2023/03/microsoft-issues-patch-for-acropalypse.html) 2023-03-27 _Verify any images that have been edited with the Windows Snipping Tool or Google Pixel's Markup Tool for extra data after the IEND marker to determine if you are affected by this vulnerability. To mitigate, update your Windows 10 and 11 systems to the latest security patch released by Microsoft and switch to a different image editor that does not have this vulnerability. Additionally, prevent access to file shares, remote access to systems, and unnecessary services using network concentrators, RDP gateways or other mechanisms. Protect sensitive information with strong encryption and use network appliances to filter ingress or egress traffic as well as configure software on endpoints for further filtering of network traffic. Lastly, remove or deny access to unnecessary and potentially vulnerable software in order to prevent abuse by adversaries. --Darien Kindlund_ [View Article](https://gridinsoft.com/blogs/acropalypse-vulnerability-for-windows/)