Windows 11 Snipping Tool app bug can expose cropped edits

The Snipping Tool for Windows 11 has a vulnerability that can expose the cropped-out parts of an image after cropping and saving the file.

Snipping Tool crop bug
  • Snipping Tool vulnerability keeps original image data after cropping.
  • Researchers found that the flaw affects the app on Windows 11 and 10.
  • Microsoft is aware of the problem and working on a resolution.

Researchers have found that the screenshot app (known as Snipping Tool) for Windows 11 (and 10) has a bug that doesn’t remove from the file the parts you may have cropped out, making it easier for hackers to gain access to the edited-out parts of an image you didn’t want others to see.

According to David Buchanan on Twitter, the original information may remain in the file when using the Snipping Tool to take a screenshot and then save the file, crop the image, and save the file again.

Although this is a privacy concern, it’s not the case that anyone could access the original image since they would need specially crafted code to view the data. Also, the vulnerability only appears when you save the file, then crop and save again. If you take a screenshot with Snipping Tool and edit the image before saving it, the app will not save the original data.

The Snipping Tool is not the only app with this problem. Researchers recently also discovered that the cropping tool available on Google Pixel devices doesn’t remove the parts the user crops out from an image. Furthermore, it has also been said that the same code to see the rest of an image cropped by a Pixel device (with little modification) can be used to reveal the information from a screenshot taken by the Snipping Tool.

In a comment to The Verge, Microsoft has said that it’s aware of the reports, is investigating, and plans to take action accordingly to protect customers’ data.

Update March 23, 2023: Microsoft has identified the issue and has already created an update to resolve the problem. The Snipping Tool version 11.2302.20.0 containing the fix is currently available to participants with computers enrolled in the Windows Insider Program. Once the patch has proven to be effective and there aren’t other issues, the company will roll out the update to everyone with devices running Windows 11 or Windows 10.

About the author

Mauro Huculak is a Windows expert and the Editor-in-Chief who started Pureinfotech in 2010 as an independent online publication. He has also been a Windows Central contributor for nearly a decade. Mauro has over 12 years of experience writing comprehensive guides and creating professional videos about Windows, software, and related technologies, including Android and Linux. Before becoming a technology writer, he was an IT administrator for seven years. In total, Mauro has over 20 years of combined experience in technology. Throughout his career, he achieved different professional certifications from Microsoft (MSCA), Cisco (CCNP), VMware (VCP), and CompTIA (A+ and Network+), and he has been recognized as a Microsoft MVP for many years. You can follow him on X (Twitter), YouTube, LinkedIn and About.me.