Windows Screenshot Editor saves even cropped parts of an image
Miscellaneous / April 02, 2023
Worst of all, this data can be recovered after uploading a screenshot to the Internet.
Engineer David Buchanan reported an unpleasant find in Windows 10 and 11 on Twitter: a vulnerability in the built-in screenshot editing tools that makes it possible to restore parts of an image that the user cropped out.
Buchanan discovered the vulnerability after he and colleague Simon Aarons disclosed a problem in Pixel smartphones called aCropalypse. In short: due to a bug in the Markup screenshot editor, images edited with it can be restored. As an example, they took a screenshot showing a bank card, cropped the picture, obscured the card number and posted it on Discord. The image was then downloaded and, with a few lines of code, restored almost to its original state.
It is noteworthy that the code for recovering screenshots from Windows required minimal changes: its core is identical to the tool for Pixel. In both cases the method does not work perfectly, and part of the picture is often lost, but that does not mean attackers cannot benefit from it.
The exploit has a limitation: it only works if the user takes a screenshot, saves it, then crops it and saves it again. If only a fragment of the screen is captured and saved in the first place, no extra data is recorded. Only two utilities are reported as affected: Snipping Tool in Windows 11 and Snip & Sketch in Windows 10. Snipping Tool for Windows 10 does not appear to have this vulnerability.
The author admits that he made a mistake by describing the exploit publicly before reporting it to Microsoft. Company representative Rachel Withers has already given an official comment: Microsoft has begun investigating reports of this problem and will take the necessary measures to protect users as soon as possible.