Pinned April 20, 2023

Microsoft releases fix for Windows 11 screenshot privacy bug

Windows 11 security flaw exposes cropped-out screenshot data

Jon Fingas

It’s not just Android phones that are vulnerable to a screenshot security flaw. Developer Chris Blume has discovered that Windows 11’s Snipping Tool falls prey to a similar exploit. The utility doesn’t completely erase unused PNG image data, making it possible to recover some of the cropped-out picture and potentially obtain sensitive data. As BleepingComputer verified with researcher David Buchanan, you can extract the supposedly hidden info using a slightly modified version of the script used to demonstrate the Android vulnerability.

The issue doesn’t affect some PNG files, including optimized images. You can also wipe the unused data by saving the cropped picture as another file in an image editing tool. JPEG files also leave data from the original screenshot, but the exploit isn’t known to work with the format at this stage.

We’ve asked Microsoft for comment and will let you know if we hear back. In a statement to BleepingComputer, Microsoft says it’s “investigating” the security reports and will “take action as needed” to protect users.

Buchanan and programmer Simon Aarons recently found a severe “aCropalypse” flaw in the Markup screenshot feature on Google Pixel phones. While Google has since patched the security hole with its March update (now expanded to Pixel 6 phones), the fix only addresses images created after installing the patch. Even if Microsoft releases a corresponding Windows 11 update, existing images may have the same problem.

The concern, as you might guess, is that an intruder with access to your images might use a script to recover information you intend to hide, such as contacts and business secrets. The culprit could use the info for harassment, blackmail or espionage. While this may not be as much of a headache for locally stored screenshots (you have larger problems if an attacker already has access to your device), it could be very troublesome for unmodified images you save in the cloud.


Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics