Windows screenshot tool vulnerability: aCropalypse, reads your private information. (Update Fixed)

An easy way for hackers to gain private information

Microsoft has released an out-of-band update to address the privacy-defeating flaw in its screenshot editing tool for Windows 10 and Windows 11. This vulnerability, dubbed aCropalypse, could potentially allow malicious actors to recover edited portions of screenshots and reveal sensitive information that may have been cropped out.

Threat to your desktop files

This vulnerability exploits snippets on your desktop, let’s say you have a bank statement that you save to your desktop. Now you use that same file and crop out and/or blur your personal information such as a banking number, SIN number, or any other confidential information you had wished to keep hidden in this document. When you save the new file with the information blurred – with the same filename and in the same location – it will leave the original file which can be accessed by the hacker, leaving your private information in the hands of the exploiter.

What can you do?

This flaw only works on files saved to your desktop. If you use a saved file within your files folder (file explorer) you should be ok and bypass this security flaw.

The default Snipping Tool in Windows 10 and older versions are unaffected. Only Snip & Sketch in Windows 10 and Snipping Tool in Windows 11 are affected by this vulnerability. A security update has been released for these applications, which are available through the Microsoft Store. Make sure to keep your systems up to date and secure from these vulnerabilities.

(Update) Microsoft has fixed this Snipping Tool vulnerability in both Windows 10 and Windows 11.  (Update)

You can download the latest updates for the affected apps on Windows by heading to the Microsoft Store,-> clicking Library, and then –> choosing Get updates.


As always, if you have any reason to believe your organization has used malicious software, or like to ensure all your software is free of security exploits. Please do not hesitate to contact our incident response team.