Editor's take: Windows Recall continues to raise security concerns. Microsoft has redesigned the feature to improve data and identity protection following public outcry, but a new tool is now reigniting the controversy. I have to suspect that few people in their right mind would choose to enable or use it at this point.
Alexander Hagenah previously exposed issues affecting Windows Recall with his TotalRecall tool, prompting Microsoft to redesign the feature around stronger architectural principles. Now, the security researcher is once again highlighting Recall's weaknesses with TotalRecall Reloaded. The updated tool can reportedly bypass protections in Recall and access private user data stored by the controversial AI-based feature.
The TotalRecall Reloaded GitHub page explains that the tool does not require admin access or elevated privileges to function. It operates within a standard user account, does not exploit any kernel vulnerability, and does not need to bypass or decrypt Recall's encrypted data. Instead, it uses standard COM calls to interact with "AIXHost.exe," the process responsible for rendering the Recall timeline while users browse captured data.
Hagenah argues that AIXHost.exe is the true weak point in the redesigned Recall system. He says the data collection mechanism itself is relatively robust, citing the use of VBS enclaves, AES-256-GCM encryption, Windows Hello authentication, and other security measures that create a "vault" for storing captured user data.
TotalRecall Reloaded does not bypass these security features, and it still requires the user to authenticate through Windows Hello biometric verification. After obtaining valid authentication, the tool "rides along" with the AIXHost.exe process to access, extract, and potentially misuse previously recorded data.
Hagenah said that "Recall doesn't just take screenshots. It builds a comprehensive behavioral profile of everything you do on your computer. Every few seconds, it captures a screenshot, runs OCR and (supposedly) AI classification on it, and stores the result in an encrypted SQLite database."
The developer says he reported his findings to Microsoft, as he had done previously. However, this time the company responded that the behavior demonstrated by TotalRecall Reloaded does not indicate any new vulnerability or bug. Microsoft stated that Recall's security boundaries are not being bypassed, and that the Windows Hello authentication period includes timeout and anti-hammering protections designed to limit the impact of unauthorized queries.
Hagenah warned that Microsoft's explanation is questionable. He said his tool can bypass timeout protections by re-polling the database to access data repeatedly. In his view, Recall is functioning as intended: "Your entire digital life, indexed and searchable. As intended." He also noted that privacy-focused tools and services are now actively interfering with Recall's data collection capabilities.