Researcher Exposes Flaw in Windows 11 Recall's Data Protection After Authentication

Security researcher Alexander Hagenah released an updated version of his TotalRecall tool on April 15, demonstrating that Windows 11's Recall feature can be accessed through a secondary system process after a user authenticates with Windows Hello. Microsoft classified the issue as "not a vulnerability" on April 3 and said it does not plan to fix it.

Hagenah's TotalRecall Reloaded tool exploits a gap in Recall's security architecture by injecting code into AIXHost.exe, a system process that handles data transmission after the encrypted Recall database is unlocked. Unlike the Recall database itself, which requires Windows Hello authentication to decrypt, AIXHost.exe does not maintain the same security protections, allowing the tool to intercept screenshots, OCR'd text, and metadata once a user has authenticated.

The tool can perform several functions without any authentication, including capturing the most recent Recall screenshot, accessing metadata about the database, and deleting the entire Recall database. After a user logs in with Windows Hello, TotalRecall Reloaded can access both newly recorded information and historical data already stored in Recall's database. Hagenah described the vulnerability in technical terms: "The vault is solid. The delivery truck is not."

Hagenah reported his findings to Microsoft's Security Response Center on March 6. In its official response on April 3, Microsoft stated that "the access patterns demonstrated are consistent with intended protections and existing controls, and do not represent a bypass of a security boundary or unauthorized access to data." The company noted that authentication sessions have timeout limits and anti-hammering protections to restrict malicious queries.

Security researcher Troy Hunt, commenting on the disclosure in the technology community, noted that the distinction between the encrypted database and the authenticated session process represents a meaningful gap, even if Microsoft views it as acceptable under its current threat model. Users on X and Reddit highlighted concerns that anyone with physical access to a PC and knowledge of a Windows Hello PIN fallback could access months of recorded activity including emails, messages, and web browsing history.

THE DETAILS (continued): Recall was originally launched two years ago as an exclusive feature for Copilot+ PCs with neural processing units. The initial version stored unencrypted screenshots and activity logs directly on disk, prompting security researchers and journalists to expose the vulnerability. Microsoft delayed the feature by nearly a year and implemented encryption, Windows Hello authentication requirements, and improved content filtering to exclude sensitive financial information before reintroducing it in encrypted form with the feature turned off by default.

Context

Recall represents Microsoft's attempt to create a searchable record of user activity by capturing periodic screenshots and using optical character recognition to index text. The original 2024 implementation stored this data in plaintext, making it accessible to anyone with local or remote access to the device. The redesigned version encrypts all stored data and requires biometric or PIN authentication to access it, marking a significant security improvement over the initial rollout.

The TotalRecall tool itself was first released after the original Recall vulnerability became public, demonstrating how trivial it was to extract unencrypted activity records. Hagenah's updated version shows that even after Microsoft's security overhaul, the process of delivering decrypted data to system processes creates an exploitable window. This follows a pattern seen in other security incidents where encryption protects data at rest but leaves it vulnerable during active use.

What's Next

Microsoft's decision not to treat this as a vulnerability suggests the company views the current architecture as acceptable provided users maintain secure authentication credentials and physical access controls. However, the disclosure will likely prompt security-conscious users to disable Recall entirely, potentially limiting adoption of a feature Microsoft positioned as a core benefit of Copilot+ hardware. The company may face pressure from enterprise customers and security researchers to redesign how AIXHost.exe handles authenticated data transmission, particularly as Recall becomes more widely deployed across Windows 11 systems in 2026 and beyond.