Flash Notice: Emergency Security Update Released for Windows 10 and 11 Snipping Tool

overview

Microsoft released an emergency security update for “Acropalypse” (CVE-2023-28303). The vulnerability impacts the Windows 10 and 11 Snipping tool and allows attackers to recover edited portions of screenshots.   

CVE-2023-28303 has a CVSS score of 3.3 and affects the Snip and Sketch app on Windows 10 and the snipping Tool on Windows 11. Although the severity of the vulnerability is low, successful exploitation could reveal sensitive information that may have been cropped out. Successful exploitation of CVE-2023-28303 requires that the user does the following:  

• The user must take a screen shot, save it as a file, make the necessary modifications (cropping), and save the edited file in the same location.  
• The user needs to first open the image in Snipping Tool, make the necessary modifications (cropping), and save the edited file in the same location.  

The flaw does not impact instances where the user copies an image from the Snipping Tool or modifies it before saving it. Microsoft addressed CVE-2023-28303 in the Snip and Sketch application version 10.2008.3001.0, which is installed on Windows 10, and in the Snipping Tool version 11.2302.20.0, which is installed on Windows 11.  

avertium's recommendations

• To check to see if the update is installed, Microsoft stated the following:  

• • For Snip and Sketch installed on Windows 10, app versions 10.2008.3001.0 and later contain this update. 
  • For Snipping Tool installed on Windows 11, app versions 11.2302.20.0 and later contain this update. 

• Avertium recommends that all users apply the appropriate update for CVE-2023-28303 as soon as possible. Microsoft has release patch guidance.  

• • To update your system with the security patches, launch the Microsoft Store, navigate to Library > Get Updates, and the most recent version of Windows Snipping Tool will be installed automatically.  

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with CVE-2023-28303. Avertium’s threat hunters remain vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

How Avertium is Protecting Our CUSTOMERS

• Fusion MXDR is the first MDR offering that fuse together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts.
• Avertium offers Vulnerability Management to provide a deeper understanding and control over organizational information security risks. If your enterprise is facing challenges with the scope, resources, or skills required to implement a vulnerability management program with your team, outsourced solutions can help you bridge the gap.

SUPPORTING DOCUMENTATION