


Microsoft released an emergency security update for “Acropalypse” (CVE-2023-28303). The vulnerability impacts the Windows 10 and 11 Snipping Tool and allows attackers to recover edited portions of screenshots.

CVE-2023-28303 has a CVSS score of 3.3 and affects the Snip and Sketch app on Windows 10 and the Snipping Tool on Windows 11. Although the severity of the vulnerability is low, successful exploitation could reveal sensitive information that may have been cropped out.

Successful exploitation of CVE-2023-28303 requires that the user does the following:

- The user must take a screenshot, save it as a file, make the necessary modifications (cropping), and save the edited file in the same location.
- The user needs to first open the image in Snipping Tool, make the necessary modifications (cropping), and save the edited file in the same location.

The flaw does not impact instances where the user copies an image from the Snipping Tool or modifies it before saving it.

Microsoft addressed CVE-2023-28303 in the Snip and Sketch application version 10.2008.3001.0, which is installed on Windows 10, and in the Snipping Tool version 11.2302.20.0, which is installed on Windows 11.

To check to see if the update is installed, Microsoft stated the following:

- For Snip and Sketch installed on Windows 10, app versions 10.2008.3001.0 and later contain this update.
- For Snipping Tool installed on Windows 11, app versions 11.2302.20.0 and later contain this update.

Avertium recommends that all users apply the appropriate update for CVE-2023-28303 as soon as possible. To update your system with the security patches, launch the Microsoft Store, navigate to Library > Get Updates, and the most recent version of Windows Snipping Tool will be installed automatically.

At this time, there are no known IoCs associated with CVE-2023-28303. Avertium’s threat hunters remain vigilant in locating IoCs for our customers.
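For checking many machines at once, the following added example (not part of the original advisory or of any Microsoft or Avertium tooling) audits a software inventory against the fixed versions stated in this advisory. The comma-separated inventory format, the host names and the sample version strings are constructed assumptions for illustration.

```python
# Added example: classify inventory rows against the fixed versions in the advisory.
# Fixed versions come from the advisory text; everything else is an assumption.
FIXED = {
    "snip and sketch": (10, 2008, 3001, 0),  # Windows 10
    "snipping tool": (11, 2302, 20, 0),      # Windows 11
}

# Constructed sample inventory (hypothetical export): host,app name,installed version
SAMPLE_INVENTORY = """\
ws-001,Snipping Tool,11.2302.4.0
ws-002,Snipping Tool,11.2302.20.0
ws-003,Snip and Sketch,10.2008.2277.0
ws-004,Snip and Sketch,10.2008.3001.0
ws-005,Snipping Tool,11.2303.17.0
ws-006,Snipping Tool,unknown
"""

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a dotted numeric version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(app, version_text):
    """Return 'patched', 'vulnerable', or 'unknown' for one inventory row."""
    fixed = FIXED.get(app.strip().lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # unrecognized app or unparsable version: needs manual review
    # Compare numerically: as plain strings, "11.2302.4.0" sorts after "11.2302.20.0".
    return "patched" if version >= fixed else "vulnerable"

def audit(inventory_text):
    """Map each host in the inventory to its classification."""
    results = {}
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, app, version = (field.strip() for field in line.split(",", 2))
        results[host] = classify(app, version)
    return results

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Rows reported as `unknown` are not confirmed safe and should be checked by hand.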
