Microsoft faces fresh Windows Recall security concerns
At a glance:
- Cybersecurity expert demonstrates new tool to extract Recall data
- Microsoft says existing protections are sufficient, no vulnerability found
- Recall stores screenshots, text history, messages, emails, and browsing data
Recall's troubled security journey continues
When Microsoft first unveiled Recall, an AI-powered Windows feature designed to capture and index nearly everything users do on their PCs, the response was swift and harsh. Cybersecurity professionals labeled it a "disaster" and a "privacy nightmare," citing the massive attack surface created by storing comprehensive screenshots and indexed data locally. The backlash was so severe that Microsoft delayed the feature's launch for nearly a year to redesign its security architecture.
The redesigned Recall promised robust protections through Windows Hello authentication and a Virtualization-based Security (VBS) Enclave. Users would need to authenticate with facial recognition or fingerprint before accessing their captured data, and snapshots would only be recorded after proper authentication. Microsoft positioned these measures as preventing "latent malware trying to 'ride along' with a user authentication to steal data."
New tool exposes persistent vulnerabilities
Alexander Hagenah, a cybersecurity researcher, has developed TotalRecall Reloaded, an updated version of his original TotalRecall tool that first exposed Recall's weaknesses. The new tool demonstrates that despite Microsoft's architectural changes, the fundamental security promise remains unfulfilled.
"My research shows that the vault is real, but the trust boundary ends too early," Hagenah explains. His tool can silently operate in the background, forcing the Recall timeline to prompt for Windows Hello authentication. Once the user authenticates, TotalRecall Reloaded extracts everything Recall has ever captured—precisely the scenario Microsoft's architecture was designed to prevent.
What Recall actually stores
The scope of data captured by Recall extends far beyond simple screenshots. The feature maintains a comprehensive history including:
- Text that has appeared on screen
- Messages and email content
- Document contents
- Browsing history
- Application usage patterns
This extensive data collection was part of Microsoft's vision to create an AI-powered memory system for PCs, but it also creates a treasure trove for potential attackers.
Microsoft's defense and researcher's rebuttal
Microsoft maintains that Hagenah's findings don't represent a security vulnerability. David Weston, corporate vice president of Microsoft Security, stated that "the access patterns demonstrated are consistent with intended protections and existing controls, and do not represent a bypass of a security boundary or unauthorized access to data."
The company points to timeout mechanisms and anti-hammering protections that limit the impact of malicious queries. However, Hagenah disputes these claims, telling The Verge that he can "re-poll the data" and that "the timeout is patched out" in his tool.
The fundamental architectural challenge
Microsoft's position is that this isn't a vulnerability but rather how Windows operates. Regular user-mode processes can inject code into themselves as legitimate behavior, creating flexibility that also enables abuse. Infostealer malware could similarly extract 1Password data or browsing history if it went undetected by other Windows security tools.
The core issue, according to Hagenah, isn't the encryption, enclave, authentication, or protected process light (PPL) mechanisms—all of which he describes as "rock solid." Instead, the problem lies in sending decrypted content to an unprotected process for rendering. "The vault door is titanium. The wall next to it is drywall," he says.
What this means for users
Despite the concerns, Microsoft's redesign did address many initial security flaws. The VBS enclave implementation is described as "rock solid," and the authentication model is "stateless and race-free" with no bypasses found after thousands of tests. However, the persistence of these newer vulnerabilities suggests that even well-intentioned security architectures can have critical weak points.
For users, this means that while Recall's core security mechanisms are robust, the feature still presents risks that determined attackers could exploit. The question remains whether Microsoft will implement additional protections or maintain that the current architecture meets its security design goals.
Prepared by the editorial stack from public data and external sources.