Microsoft fixes reversible screenshot vulnerability on Windows


Microsoft has since released an update to fix the screenshot editing vulnerability (CVE-2023-28303) in both the Snip & Sketch app on Windows 10 and the Snipping Tool on Windows 11. The issue only affects images that were taken, saved, edited, and then saved over the original file, as well as images that were opened in the Snipping Tool, edited, and then saved to the same location. It does not affect screenshots that were copied and pasted to other locations. The vulnerability was brought to Microsoft's attention by security researchers who had discovered a similar vulnerability affecting the Google Pixel's Markup tool. Users are advised to install the update as soon as possible to protect their personal information from being revealed by potential bad actors.

The update released by Microsoft does not fix edited screenshots that have already been posted online, which could leave them vulnerable to exploitation by bad actors. Users who have posted edited screenshots online are advised to go back and delete them if possible, or to consider redacting any personal information that may have been inadvertently revealed. Additionally, users should always exercise caution when sharing sensitive information online, even if they believe it has been properly edited or obscured.