Windows Recall data extraction

Windows Recall is supposed to keep a searchable history of what you did on a personal computer. A new researcher tool shows that history can still be extracted after Microsoft’s 2024 redesign. (theverge.com) Recall works by saving snapshots of the active screen every few seconds, storing them locally, and using image recognition so users can search for past text and images in plain language. Microsoft says the feature reached general availability on Copilot+ personal computers on April 25, 2025, after months of delay and redesign. (learn.microsoft.com) Microsoft’s current design says Recall data is protected inside a virtualization-based security enclave, tied to Windows Hello sign-in, and kept on the device instead of being sent to Microsoft’s cloud. Microsoft also says Recall is opt-in for users and disabled by default on managed work devices. (blogs.windows.com) (learn.microsoft.com) The new issue is not a break of the encrypted vault itself. Researcher Alexander Hagenah’s “TotalRecall Reloaded” targets AIXHost.exe, the process that displays Recall’s timeline after a user unlocks it with Windows Hello. (github.com) (itnews.com.au) Hagenah wrote that a program running as the same logged-in user can inject code into AIXHost.exe, call Recall’s own Common Object Model interfaces, and pull out decrypted screenshots, text extracted from images, and metadata. His project page says the method needs no administrator rights, no kernel exploit, and no break of the encryption itself. (github.com) That distinction tracks with Microsoft’s own architecture notes from September 27, 2024. The company said Recall user-interface components run outside the secure enclave and are treated as untrusted, while only the data and keys stay inside the enclave until a user requests access. (blogs.windows.com) Recall has been under scrutiny since May and June 2024, when Microsoft first introduced it for Copilot+ personal computers and researchers showed that early versions stored a database that was easier to read than many users expected. Microsoft then paused the rollout on June 7, 2024, and moved the feature into a longer preview cycle. (blogs.windows.com) (itnews.com.au) Microsoft’s position has not matched the researcher’s. iTnews reported that Microsoft reviewed Hagenah’s March 6, 2026 submission and closed it on April 3, 2026 as “Not a Vulnerability,” saying the behavior fits Recall’s documented security design for a user already logged into the device. (itnews.com.au) For users and information-technology administrators, the practical question is narrower than the encryption debate: whether software already running in a user session should be able to ride along after that user opens Recall. Microsoft’s existing guidance already points organizations to policies that can disable Recall or restrict what gets saved. (learn.microsoft.com 1) (learn.microsoft.com 2) The latest demonstration does not show Recall data leaking to the internet or to another user account. It shows that once Recall is unlocked, the path between the secure vault and the on-screen timeline is still where the fight is. (github.com) (blogs.windows.com)