Windows Recall’s security model faces new scrutiny following TotalRecall Reloaded demonstration

This article was generated by AI and cites original sources.

Microsoft’s Windows Recall feature—designed to capture and later reconstruct user activity on a PC—has returned to the center of a security and privacy debate. After the company faced backlash and delayed the rollout by approximately one year to redesign and secure Recall, cybersecurity expert Alexander Hagenah released a tool called TotalRecall Reloaded that demonstrates potential ways the feature’s protections could be challenged. Microsoft told The Verge that it found no vulnerability in the demonstrated access patterns.

Recall’s design: screenshots and secure storage

Recall is an AI-powered Windows feature that captures screenshots of user activity on a PC. According to The Verge, Recall’s stored history extends beyond images to include text that appears on screen, messages, emails, documents, and browsing history.

Microsoft’s redesign effort focused on creating a secure storage model for Recall data. The approach includes a secure vault for Recall data, protected by Windows Hello authentication (face or fingerprint) and a virtualization-based security (VBS) enclave. In a September 2024 blog post, Microsoft stated that requiring users to authenticate before enabling snapshots would restrict attempts by “latent malware” to “ride along” with user authentication to steal data. The Verge reports that Hagenah disputes how effectively that boundary functions in practice.

TotalRecall Reloaded: extracting Recall data after authentication

TotalRecall Reloaded is an update to the earlier TotalRecall tool, which demonstrated weaknesses in the original Recall feature before Microsoft redesigned it.

According to The Verge, Hagenah's research accepts that the vault exists but argues that the trust boundary around it ends too early. Hagenah stated: "My research shows that the vault is real, but the trust boundary ends too early." He argues that TotalRecall Reloaded demonstrates the "latent malware" scenario Microsoft's architecture is designed to prevent. The Verge describes the tool as running silently in the background and activating the Recall timeline, which forces the user to authenticate with a Windows Hello prompt. Once the user has authenticated, the tool can extract all data that Windows Recall has captured.

Hagenah is quoted by The Verge saying that this scenario is “precisely the scenario Microsoft’s architecture is supposed to restrict.” The article notes that Recall stores sensitive information beyond credentials, including a wide range of user activity data, which increases the potential impact if an attacker gains access to the captured content.

The Verge reports additional capabilities attributed to TotalRecall Reloaded. The tool can extract the most recent cached Windows Recall screenshot without any Windows Hello authentication, and it can delete the entire capture history. The article also notes a caveat that applies regardless of how Recall is protected: malware that runs undetected with sufficient access on the PC can take its own screenshots, so Recall's authentication gate only governs access to Recall's stored history, not the underlying exposure of what appears on screen.

Microsoft’s response: no vulnerability identified

Microsoft told The Verge that it does not believe a vulnerability exists. The Verge reports that Hagenah responsibly disclosed his findings to Microsoft, but the company closed the report and stated there was no vulnerability. In a statement to The Verge, David Weston, corporate vice president of Microsoft Security, said the access patterns Hagenah demonstrated are consistent with intended protections and existing controls, and do not represent a bypass of a security boundary or unauthorized access to data. Weston also noted that the authorization period includes a timeout and anti-hammering protection that limit the impact of malicious queries.

Hagenah disputes Microsoft’s characterization of the timeout protections. The Verge quotes him: “I can re-poll the data, and what I am doing in my tool [is] to bypass it. And the timeout is patched out.” He also challenges Microsoft’s claim about the enclave preventing “latent malware riding along,” arguing that it “clearly doesn’t.”

The Verge references comments from CEO Satya Nadella to employees: “If you’re faced with the tradeoff between security and another priority, your answer is clear: Do security.” The article uses this to contextualize why Recall’s security model is significant within Microsoft’s stated priorities.

The core technical issue: protected storage versus rendering

The Verge reports that Hagenah believes the fundamental issue is not the cryptography, the enclave, the authentication mechanism, or the protected process light (PPL) component. Instead, Hagenah locates the problem in where decrypted content flows: "It's sending decrypted content to an unprotected process for rendering. The vault door is titanium. The wall next to it is drywall."

This distinction, between protecting stored data and protecting the process that renders or otherwise handles decrypted content, is a recurring design issue in systems that combine enclaves with user authentication: the confidentiality guarantee extends only as far as the last component that holds plaintext. If decrypted content is handed to an ordinary user-mode process, code running with that user's privileges can reach it, and the system's effective security then depends on whether the downstream components are isolated to the same standard as the vault, not on the strength of the vault itself.

The Verge notes that Microsoft's position is that the access patterns Hagenah describes are consistent with how Windows operates. The article states that a regular user-mode process injecting code into itself is standard Windows behavior, which is also what gives a process running at the user's privilege level the opportunity to tamper with client-side code. Observers may watch for whether Microsoft tightens the boundary around decrypted content or changes the Recall pipeline so that less can be done with the data during its transition from protected storage to unprotected rendering.
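The following model is an added illustration and is not code from the article, from Microsoft, or from TotalRecall Reloaded; it makes no claim about where Windows actually enforces Recall's timeout or anti-hammering limit. It contrasts two hypothetical designs for a store gated by a user authentication, a timeout, and a query budget: one where the trusted component enforces both itself, and one where the trusted component only checks for a live session token and relies on the untrusted client (the same kind of process that renders the plaintext) to honour the window. The `WINDOW_S` and `MAX_QUERIES` values, the class names, and the snapshot text are all constructed for the example. It bears on both the timeout dispute described above and on the "drywall" point: a check that lives in code an equally privileged process can alter is advisory, and even a correctly enforced window bounds rather than prevents what a latent process can pull during a legitimate user authentication.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data standing in for captured screen text (not real Recall data).
SNAPSHOTS = [f"snapshot {i}: constructed sample screen text" for i in range(50)]
WINDOW_S = 30.0     # hypothetical authorization timeout, in seconds
MAX_QUERIES = 10    # hypothetical anti-hammering budget per authentication


class FakeClock:
    """Deterministic clock so the model behaves the same on every run."""

    def __init__(self) -> None:
        self.now = 0.0

    def advance(self, seconds: float) -> None:
        self.now += seconds


@dataclass
class EnclaveEnforced:
    """Hypothetical design A: the trusted component tracks window and budget itself."""

    clock: FakeClock
    unlocked_at: Optional[float] = None
    used: int = 0

    def authenticate(self, hello_ok: bool) -> None:
        if hello_ok:
            self.unlocked_at, self.used = self.clock.now, 0

    def query(self, idx: int, token: Optional[float] = None) -> Optional[str]:
        if self.unlocked_at is None:
            return None
        if self.clock.now - self.unlocked_at > WINDOW_S:
            return None                     # timeout enforced inside the boundary
        if self.used >= MAX_QUERIES:
            return None                     # anti-hammering enforced inside the boundary
        self.used += 1
        return SNAPSHOTS[idx]               # plaintext crosses the boundary only here


@dataclass
class ClientEnforced:
    """Hypothetical design B: the trusted component only checks a session token and
    relies on untrusted client code to stop asking once the window/budget is spent."""

    clock: FakeClock
    token: Optional[float] = None

    def authenticate(self, hello_ok: bool) -> None:
        if hello_ok:
            self.token = self.clock.now     # the token never expires on this side

    def query(self, idx: int, token: Optional[float] = None) -> Optional[str]:
        if token is None or token != self.token:
            return None
        return SNAPSHOTS[idx]


def pull_after_auth(store, clock: FakeClock, patched: bool, delay_s: float = 0.0) -> int:
    """Return how many snapshots one process obtains after a single user authentication.

    `patched=True` models a process at the client's privilege level having removed
    the client-side timeout/budget checks. It can only change the outcome for
    ClientEnforced, because only there do those checks run in code it can alter.
    """
    store.authenticate(hello_ok=True)
    authed_at = clock.now
    clock.advance(delay_s)                  # gap between the Hello prompt and the first query
    token = getattr(store, "token", None)
    got = 0
    for idx in range(len(SNAPSHOTS)):
        client_stop = got >= MAX_QUERIES or clock.now - authed_at > WINDOW_S
        if client_stop and not patched:
            break                           # honest client code honours the window
        if store.query(idx, token) is None:
            break                           # the trusted side refused
        got += 1
    return got


def compare() -> dict:
    """Snapshots obtainable under each design, with and without client patching."""
    out = {}
    for name, cls in (("enclave_enforced", EnclaveEnforced), ("client_enforced", ClientEnforced)):
        for patched in (False, True):
            for delay in (0.0, 60.0):
                clock = FakeClock()
                out[(name, patched, delay)] = pull_after_auth(cls(clock), clock, patched, delay)
    return out


if __name__ == "__main__":
    for key, count in compare().items():
        print(key, count)
```

Running `compare()` shows the two designs agreeing only while the client is honest: with the window enforced on the trusted side, patching the client changes nothing and a query after the window has lapsed returns nothing; with the window enforced on the client, a patched client drains the whole store and keeps working after the window should have expired. Neither design stops the first `MAX_QUERIES` results from leaving the boundary during a genuine authentication, which is the "latent malware riding along" case the article turns on.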

The article underscores that Recall stores sensitive data well beyond passwords or browsing history. If that data is accessible through the patterns Hagenah describes, then the promise Microsoft made when it redesigned the feature, that "latent malware" could not ride along with the user's authentication, becomes the central question for the feature's credibility with security-focused users and administrators.

Source: The Verge