Update to fix Windows 'bug that can restore edited screenshots' will be delivered

It has been reported that screenshots taken and edited on Windows have a vulnerability that ``images can be restored to the state before editing'', but an update to fix this bug has been distributed. I was.

Microsoft pushes OOB security updates for Windows Snipping tool flaw


Microsoft fixes reversible screenshot vulnerability on Windows - The Verge

Security researcher David Buchanan reports a vulnerability that images edited with Snipping Tool , a screenshot shooting and editing tool that is standard in Windows 11, can be restored to the state before editing. It was also pointed out that similar vulnerabilities exist in the tools, cut & sketch installed in Windows 10.

It turns out that there is a ``vulnerability that can restore data before editing'' in the screenshot editing function of Windows 11 - GIGAZINE

This vulnerability, named ' CVE-2023-28303 ', is caused by the fact that when an image is edited (cropped, blurred, etc.) to overwrite the original file, the original file remains undeleted. occurs.

For example, by taking a screenshot of the screen on which personal information is displayed, the image may be cropped or edited so that the personal information is hidden. This means that there is a possibility that information will be leaked.

Similarly, a vulnerability that can restore edited screenshots has been reported in the markup application installed in the Pixel series of genuine Google smartphones.

Vulnerability in Google Pixel's screenshot editing function, danger of personal information leakage - GIGAZINE

For example, there is usually no data in the end of image (IEND) part of an edited PNG image. However, in the case of images affected by 'CVE-2023-28303', there is extra data in this IEND part, and it seems that the image can be restored to its original state.

According to BleepingComputer, many images affected by this vulnerability are published on the Internet. Malware inspection website VirusTotal says it may host more than 4,000 images affected by CVE-2023-28303.

Microsoft is testing a fix for CVE-2023-28303 on the Windows Insider Canary and has delivered a security update that addresses the vulnerability on the evening of the 24th local time. This security update affects Snipping Tool in Windows 11 and Snip & Sketch in Windows 10.

CVE-2023-28303 - Security Update Guide - Microsoft - Windows Snipping Tool Information Disclosure Vulnerability

After installing this security update, Windows 11 Snipping Tool will be version 11.2302.20.0 and Windows 10 Snip & Sketch will be version 10.2008.3001.0.

Microsoft has classified the severity of CVE-2023-28303 as 'low' and has identified the following two conditions that cause the problem.

1: The user takes a screenshot, saves the file, edits the file (for example, trims it), and then overwrites it.
2: The user opens the image with the Snipping Tool, edits the file (for example, trimming), and then overwrites it.

In other words, if you overwrite and save the edited image, a problem will occur, but if you save the edited image as a new one, it seems that you can not restore it to the state before editing.

in Software,   Security, Posted by logu_ii