Windows Snip & Sketch/Snipping Tool Vulnerability

Today I will Discuss how to Mitigate windows snipping tool information disclosure vulnerability (CVE-2023-28303) which is also known as Acropalypse Vulnerability.

In the ever-evolving landscape of cybersecurity, it is crucial for organizations and individuals alike to stay vigilant against potential vulnerabilities in commonly used software. Recently, a significant information disclosure vulnerability has been identified in Windows Snip & Sketch for Windows 10 and Snipping Tool for Windows 11, designated as CVE-2023-28303 or Acropalypse. This vulnerability allows parts of a cropped image that were intended to be removed to persist in the saved image file, posing a potential security risk.

In this blog post, we will guide you through the process of mitigating this vulnerability by updating the affected applications. The solution involves upgrading to Snip & Sketch version 10.2008.3001.0 for Windows 10 and Snipping Tool version 11.2302.20.0 for Windows 11 or later. We’ll also provide a step-by-step process using a PowerShell script to uninstall the older versions and install the latest ones using an offline MSIX bundle.

Understanding the Vulnerability:

The vulnerability stems from an information disclosure issue where cropped portions of an image are not entirely deleted and can be restored from the saved image file. It is crucial to address this vulnerability promptly to ensure the security and privacy of sensitive information.

Identifying the Vulnerability:

The vulnerability has been assigned the following identifiers for tracking and reporting:

– Tenable ID: 177217

– Qualys ID: 378131

It’s worth noting that Nessus has not directly tested for this issue but relies on the application’s self-reported version number.

Solution Overview:

To address the vulnerability, the recommended solution is to upgrade to the latest versions of Snip & Sketch and Snipping Tool. For Windows 10, upgrade to Snip & Sketch version 10.2008.3001.0, and for Windows 11, upgrade to Snipping Tool version 11.2302.20.0 or later.

Prerequisites:

Before proceeding with the update, ensure that you have the offline MSIX bundle of the latest version of the Snipping Tool Microsoft Store app. If you need assistance in obtaining the bundle, detailed instructions are available [link to be provided].

Step-by-Step Process:

Obtain the Offline Bundle:

– Make sure you have the offline MSIX bundle of the latest version of the Snipping Tool Store app.

Edit the PowerShell Script:

– Replace the package names in the `$packages` array with the versions you want to remove.

– Update the `-PackagePath` parameter in the `Add-AppxProvisionedPackage` command with the correct path to your offline bundle.

“`powershell

# PowerShell Script

———-Script Starts———-

$packages = @(

“Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe”,

“Microsoft.ScreenSketch_10.2008.2277.0_x64__8wekyb3d8bbwe”

)

foreach ($package in $packages) {

$appxname = Get-AppxPackage -AllUsers | Where-Object { $_.PackageFullName -eq $package } | Select-Object -ExpandProperty PackageFullName

if ($appxname) {

Remove-AppxPackage -AllUsers -Package $appxname

Write-Output “$appxname removed successfully”

} else {

Write-Output “$package is not installed on this computer”

}

Start-Sleep -Seconds 10

Add-AppxProvisionedPackage -Online -PackagePath “\Path\To\Your\Microsoft.ScreenSketch_2022.2309.16.neutral_2 8wekyb3d8bbwe.Msixbundle” -SkipLicense

}

“`

———-Script End———-

Here’s a breakdown of the script’s components:

$packages Array

– This array, named `$packages`, contains specific versions of the Snipping Tool that the script targets for removal. Adjustments can be made to this array to include or exclude versions as needed.

foreach Loop:

– The script utilizes a `foreach` loop to iterate through each package specified in the `$packages` array.

Get-AppxPackage cmdlet:

– Within the loop, the `Get-AppxPackage` cmdlet is used to retrieve information about installed Appx packages on the system for all users.

Where-Object:

– The `Where-Object` cmdlet filters the results to match the `PackageFullName` property with the current `$package` in the loop.

Select-Object:

– The `Select-Object` cmdlet is then used to extract the `PackageFullName` property for the matched Snipping Tool package.

if-else Condition:

– An `if-else` condition checks if the `$appxname` (PackageFullName) is not null, indicating that the specified version of the Snipping Tool is installed.

Remove-AppxPackage cmdlet:

– If the Snipping Tool package is found, the `Remove-AppxPackage` cmdlet is used to uninstall the package for all users.

Add-AppxProvisionedPackage cmdlet:

– After removing the Snipping Tool, you can add a provisioned package using the `Add-AppxProvisionedPackage` cmdlet. This cmdlet installs the Snipping Tool using an MSIX bundle.

Make sure to adjust the script accordingly with the correct MSIX bundle path for the Snipping Tool installation.

Run the Script:

– Execute the PowerShell script in an elevated PowerShell window.

Verification:

After the script completes, verify the success of the update by checking for any error messages and ensuring that the latest version of the Microsoft Store app is installed.

Conclusion:

By following this comprehensive guide, you can efficiently mitigate the Windows Snip & Sketch/Snipping Tool vulnerability (CVE-2023-28303) and ensure the security of your Windows operating system. Regularly updating applications is crucial to stay protected against potential threats and to benefit from the latest features, improvements, and security patches.

Stay tuned for more tech tips and guides on our blog to keep your systems secure and up-to-date. Your commitment to cybersecurity is paramount in safeguarding your digital assets and maintaining a robust defense against evolving threats.