Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Dormant GitHub Accounts Hijacked for Corporate Source Code Reconnaissance
July 10, 2026
Ransomware Negotiator Jailed for Aiding BlackCat Attacks
July 10, 2026
GigaWiper Malware Wipes Windows Systems, Displays Fake Ransomware Notes
July 10, 2026
Home/CyberSecurity News/Critical Windows Snipping Tool Flaw CVE-2023-28303 Lets Attackers Spoof Networks
CyberSecurity News

Critical Windows Snipping Tool Flaw CVE-2023-28303 Lets Attackers Spoof Networks

Key Takeaways A moderate-severity spoofing vulnerability (CVE-2026-33829) was discovered in the Windows Snipping Tool. The flaw could enable attackers to steal NTLMv2 password hashes through...

David kimber
David kimber
April 17, 2026 3 Min Read
53 0

Key Takeaways

  • A moderate-severity spoofing vulnerability (CVE-2026-33829) was discovered in the Windows Snipping Tool.
  • The flaw could enable attackers to steal NTLMv2 password hashes through malicious deep links.
  • All supported versions of Windows 10, Windows 11, and Windows Server (2012-2025) are affected.
  • Microsoft released patches for this vulnerability on April 14, 2026.

Windows Snipping Tool Vulnerability Enables Credential Theft

Microsoft has addressed a security vulnerability within its Windows Snipping Tool that could have allowed malicious actors to compromise user credentials. This flaw, identified as CVE-2026-33829, is categorized as a moderate-severity spoofing vulnerability and was remedied as part of the scheduled security updates released on April 14, 2026.

Table Of Content

  • Key Takeaways
  • Windows Snipping Tool Vulnerability Enables Credential Theft
  • Exploitation Vector and Attack Chain
  • Affected Systems and Mitigation
  • What You Should Do

The discovery and subsequent reporting of this vulnerability were credited to security researchers at Blackarrow (Tarlogic). Their findings underscore the persistent security challenges posed by application URL handlers within Windows operating environments.

CVE-2026-33829 carries a CVSS 3.1 score of 4.3. It is primarily classified under CWE-200, which denotes the exposure of sensitive information to unauthorized entities. The core of the vulnerability lies in the Snipping Tool’s inadequate input validation when processing deep links, specifically those utilizing the ms-screensketch URI schema.

Exploitation Vector and Attack Chain

According to the joint vulnerability disclosure from Microsoft and Blackarrow, an attacker could exploit this weakness to compel an authenticated Server Message Block (SMB) connection to a server under their control. While user interaction is a prerequisite for exploitation, the overall attack complexity is rated as low. The proof-of-concept outlines the following attack sequence:

  • Malicious Link Creation: An attacker constructs a specially crafted web link incorporating the ms-screensketch: edit parameter.
  • Deceptive Routing: The filePath parameter within this link is configured to point to an external, malicious SMB server.
  • User Interaction: The victim is then socially engineered into clicking this link, typically via a phishing email or a compromised website. This action prompts the user to confirm the launch of the Snipping Tool application.
  • Hash Theft: Upon user approval, the Snipping Tool attempts to connect to the remote server to retrieve a non-existent file. During this connection, the user’s NTLMv2 password hash is silently leaked to the attacker’s server in the background.
  • Unauthorized Access: The attacker captures the stolen hash, which can then be used to authenticate as the compromised user on the network.

Cybersecurity experts caution that this vulnerability is highly suitable for social engineering tactics. An attacker could, for example, present a seemingly innocuous webpage instructing a user to crop a corporate image or modify a badge photograph. Although the Snipping Tool appears to function normally on the user’s screen, making the request seem harmless, the critical NTLM authentication occurs invisibly in the background.

Successful exploitation results in a loss of confidentiality but does not impact data integrity (alteration) or system availability (crashes). Microsoft has noted that the exploit code maturity is currently unproven, and the likelihood of exploitation is deemed “Unlikely,” with no reported instances of in-the-wild exploitation.

Affected Systems and Mitigation

The vulnerability, detailed on GitHub, affects a broad spectrum of Microsoft operating systems. This includes various versions of Windows 10, Windows 11, and Windows Server editions ranging from 2012 through 2025.

What You Should Do

  • Apply the official Microsoft security patches released on April 14, 2026, immediately to all affected systems.
  • Block outbound SMB traffic (Port 445) at the network perimeter to prevent NTLM hashes from being transmitted to external servers.
  • Conduct ongoing employee training to raise awareness about the risks of clicking suspicious links and indiscriminately approving application launch prompts from web browsers.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCVEExploitPatchphishingSecurityVulnerability

Share Article

David kimber

David kimber

David is a penetration tester turned security journalist with expertise in mobile security, IoT vulnerabilities, and exploit development. As an OSCP-certified security professional, David brings hands-on technical experience to his reporting on vulnerabilities and security research. His articles often feature detailed technical analysis of exploits and provide actionable defense recommendations. David maintains an active presence in the security research community and has contributed to multiple open-source security tools.

Previous Post

Microsoft Confirms Windows Server Reboot Loops After April Patches

Next Post

Windows Defender CVE-2023-XXXX Critical 0-Day Actively Exploited

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Wireshark 4.6.7 Fixes Critical Vulnerabilities Allowing Remote Code Execution
July 10, 2026
Critical U-Boot Flaws Allow Code Execution, DoS Attacks
July 10, 2026
OpenAI Introduces GPT-4o and ChatGPT-4o, Its New Flagship AI Models
July 10, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us