Security researcher Alexander Hagenah has released an updated tool called TotalRecall Reloaded that reveals weaknesses in Microsoft Windows 11's Recall feature. Despite Microsoft's security overhauls, the tool can intercept user data after Windows Hello authentication without needing administrator privileges. Microsoft maintains that this does not represent a vulnerability.
Two years ago, Microsoft introduced Recall as part of its Copilot+ PCs, a feature designed to track PC usage via screenshots for easier recall of past activities. After the feature was initially criticized for storing unencrypted data, Microsoft delayed its rollout and improved security: data is now encrypted, accessible only via Windows Hello, turned off by default, and better at excluding sensitive information like financial details.
However, Hagenah argues that while the Recall database itself, protected by a VBS enclave, is 'rock solid,' the AIXHost.exe process that handles the data lacks similar protections. 'The vault is solid. The delivery truck is not,' he wrote on the tool's GitHub page. The TotalRecall Reloaded tool injects a DLL into AIXHost.exe, allowing it to capture screenshots, OCR text, and metadata once the user authenticates. It can also access recent screenshots and database metadata, or delete the entire database, without authentication, and it continues intercepting even after Recall closes.
Hagenah reported the issue to Microsoft's Security Response Center on March 6; the company classified it as 'not a vulnerability' on April 3. A Microsoft spokesperson stated, 'We appreciate Alexander Hagenah for identifying and responsibly reporting this issue. After careful investigation, we determined that the access patterns demonstrated are consistent with intended protections and existing controls, and do not represent a bypass of a security boundary or unauthorized access to data. The authorization period has a timeout and anti-hammering protection that limit the impact of malicious queries.'
Apps like Signal Messenger, AdGuard, and Brave Browser have implemented workarounds to exclude their content from Recall.