The Windows Recall feature, designed to help users recover data, still has a serious security flaw. Despite a major update aimed at fixing issues, a cybersecurity researcher has shown that malware running in a user’s account can quietly extract all data Recall has collected. This can happen without needing administrator rights, kernel exploits, or breaking encryption, making it a hidden threat.

Security Flaws Revealed Again

Alexander Hagenah, an executive at Zürich-based financial infrastructure firm SIX Group, publicly shared his findings on LinkedIn. He also released a proof-of-concept tool called TotalRecall Reloaded, demonstrating how the flaw works. Hagenah first uncovered these security issues in 2024, which led Microsoft to temporarily remove Recall from preview and rebuild its security architecture.

Microsoft relaunched the feature in April 2025, claiming the new design would prevent malware from hijacking user authentication to steal data. However, Hagenah’s testing shows that this isn’t the case. His tool, TotalRecall Reloaded, can silently open a backdoor and extract all captured data without raising alarms, even when the new architecture is in place.

Microsoft’s Response and Concerns

Hagenah disclosed his research to Microsoft’s Security Response Center on March 6, providing detailed source code and steps to reproduce the issue. After reviewing it for a month, Microsoft closed the case on April 3, stating that the observed behavior didn’t break security boundaries or involve unauthorized data access. They maintained that the system’s protections are working as intended.

Hagenah expressed concern over this explanation. He told CSO that, although the encryption used in Recall is sound, the problem lies in how decrypted data is handled once it leaves the secure enclave. Specifically, once plaintext screenshots or extracted text are displayed in unprotected processes, they become vulnerable to interception by malicious software.

What Needs to Change

Hagenah believes fixing this issue is technically simple in the short term. Microsoft could add stronger protections to the process responsible for rendering Recall’s timeline, known as AIXHost.exe. Currently, this process lacks protections against code injection, which makes it possible for malware to manipulate it. Strengthening these defenses would prevent the specific attack demonstrated by Hagenah.

However, he warns that the deeper problem requires a more thoughtful approach. The core issue is how decrypted data is handled after it leaves the secure enclave. Hagenah emphasizes that Microsoft’s cryptography and enclave design are solid. The real challenge is to prevent decrypted content from being accessible in unprotected processes, reducing the risk of data leaks and silent thefts.

Overall, while Microsoft has made efforts to improve Recall’s security, Hagenah’s findings highlight that more work is needed. Protecting decrypted data at every stage remains crucial to prevent silent data extraction by malware running under user privileges. This ongoing vulnerability shows how complex securing modern features can be, even after significant updates.

Inspired by

• https://www.computerworld.com/article/4159649/microsofts-windows-recall-still-allows-silent-data-extraction-2.html

Sources

• cyberplace.social
• csoonline.com