Microsoft pushes out an emergency fix for the dangerous ‘acropalypse’ bug
Here’s how to get it
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Microsofthas acted swiftly to patch up the worrying ‘acropalypse’ bug thatwe reported onearlier this week – a bug that could enable information cropped out of images by the Windows screenshot tools to be recovered.
As perBleepingComputer, Microsoft has now issued an OOB (out-of-band or emergency) update that fixes the issue, which has the technical designation of CVE-2023-28303. Microsoft is recommending that users apply the update at their earliest opportunity, as you might expect.
Applying the update isn’t difficult at all: from the Microsoft Store, click the Library icon on the left, then pick Get updates (top right). This should force the patch to be applied, if it hasn’t already been automatically installed.
Carry on cropping
The bug – which is similar to one that has affected the Markup featureon Google Pixel phones– means that images and screenshots cropped in theWindows 11Snipping Tool and theWindows 10Snip and Sketch tool could be compromised.
Essentially, the CVE-2023-28303 vulnerability means that parts of a PNG or JPEG image that have been cropped out aren’t properly removed from the file after it’s saved again. Those cropped sections could include sensitive information such as bank account details or medical records, for example.
It’s important to note that applying the patch won’t fix any files that have already been cropped, only ones that are edited in the future. You’ll need to recrop any existing images to be sure the excess parts of the picture have been properly removed.
Analysis: a quick fix for a worrying bug
At first, the opportunity of recovering cropped out parts of images may not seem like a particularly terrible security vulnerability – after all, who cares if someone manages to add back in some empty sky that you’ve removed from one of your vacation photos?
Get the best Black Friday deals direct to your inbox, plus news, reviews, and more.
Sign up to be the first to know about unmissable Black Friday deals on top tech, plus get all your favorite TechRadar content.
There are lots of reasons that images are cropped though, as tech journalists know all too well. Personal information such as email addresses, bank account numbers and contact names need to be cut out of pictures before they’re shared widely on the internet.
With so many of us sharing so many of our photos with other people and on the web at large, it’s crucial from a security perspective that these images don’t reveal more than we want them too – something which was a problem with CVE-2023-28303.
Microsoft has at least acted quickly to get the fix tested and then applied – but it’s a concern that this same bug has appeared completely separately in software from both Microsoft andGooglein recent days.
Dave is a freelance tech journalist who has been writing about gadgets, apps and the web for more than two decades. Based out of Stockport, England, on TechRadar you’ll find him covering news, features and reviews, particularly for phones, tablets and wearables. Working to ensure our breaking news coverage is the best in the business over weekends, David also has bylines at Gizmodo, T3, PopSci and a few other places besides, as well as being many years editing the likes of PC Explorer and The Hardware Handbook.
Windows 11’s Paint and Notepad apps are getting smart new AI features – though one of the best will be for Copilot+ PCs only
Windows 11 24H2 misery continues, as Microsoft’s buggy update is now breaking printers – especially on Copilot+ PCs
Nokia confirms data breach leaked third-party code, but its data is safe
