Microsoft faces renewed security concerns over Windows Recall

Microsoft is facing fresh scrutiny over Windows Recall, its controversial AI-powered feature that captures snapshots of user activity on a PC, after a security researcher released a new tool capable of extracting data from the redesigned system.

Recall was first announced as a flagship feature for Copilot+ PCs, designed to give Windows users a searchable history of what they had seen and done on their device. But the original launch was delayed after researchers and privacy advocates warned that the feature could create a major new security risk by storing screenshots and extracted text from a user’s activity.

Following the backlash, Microsoft reworked Recall with stronger protections, including encryption, Windows Hello authentication and a Virtualization-based Security Enclave, or VBS enclave. The company said the redesign was intended to prevent malware from simply “riding along” with a legitimate user authentication to access Recall data.

Now, cybersecurity researcher Alexander Hagenah says the redesigned version still leaves users exposed. Hagenah, who previously created the original TotalRecall tool that highlighted weaknesses in Recall’s first design, has released TotalRecall Reloaded, a proof-of-concept tool that can extract and display information captured by Recall.

According to Hagenah, the issue is not that Microsoft’s secure vault is broken. Instead, he argues that the trust boundary ends too early. Once a user authenticates with Windows Hello and Recall content is decrypted for display, that data can pass into a less protected process, where same-user malware could potentially access it.

“My research shows that the vault is real, but the trust boundary ends too early,” Hagenah told The Verge. He said TotalRecall Reloaded can run silently in the background, trigger the Recall timeline, prompt the user to authenticate with Windows Hello, and then extract data after authentication has taken place.

That is significant because Recall does not simply store screenshots. It can also preserve text that has appeared on screen, including content from messages, emails, documents, browsing activity and other potentially sensitive material. This makes the feature more powerful than a basic screenshot archive, but also more sensitive if accessed by malicious software.

Microsoft has rejected the claim that Hagenah’s findings represent a vulnerability. In a statement to The Verge, David Weston, Microsoft’s corporate vice president of security, said the demonstrated access patterns were “consistent with intended protections and existing controls” and did not amount to a bypass of a security boundary or unauthorised access to data.

Microsoft has also pointed to protections such as authentication timeouts and anti-hammering controls, which are designed to limit repeated malicious queries. Hagenah disputes that these protections adequately address the problem, arguing that his tool can work around the timeout behaviour and that Microsoft’s own stated goal was to prevent latent malware from accessing Recall data after user authentication.

The dispute highlights a deeper design question. Microsoft appears to view the behaviour as consistent with how Windows user-mode processes operate, where software running in a user’s session can interact with other user-level processes in ways that may be legitimate. Researchers argue that Recall creates a higher-risk target because it centralises a large volume of sensitive user activity in one searchable system.

Some security experts have noted that malware already running on a PC could capture screenshots, steal browser data or attempt to extract information from password managers if it evades other security tools. But critics say Recall changes the risk profile because it stores a much broader timeline of user activity in one place, potentially giving attackers a richer archive to target.

Hagenah has also acknowledged that Microsoft’s redesign improved the feature substantially. He has described the VBS enclave as strong and said the authentication model resisted direct bypass attempts. His criticism is focused on what happens after the protected data is decrypted for display, comparing the architecture to a strong vault with a weak wall beside it.

The renewed controversy comes after Microsoft spent much of the past year trying to rebuild trust in Recall. The company made the feature opt-in, added stronger authentication requirements and tied access to hardware-backed security protections. Recall’s rocky history also followed Microsoft chief executive Satya Nadella’s internal direction that security should take priority when trade-offs arise.

For users, the debate reinforces the need to understand what Recall does before enabling it. The feature may offer convenience by making past activity searchable, but it also involves storing a detailed history of screen activity on the device. Users handling sensitive financial, legal, medical or workplace information may want to carefully assess whether that trade-off is appropriate.

For Microsoft, the issue is not just whether TotalRecall Reloaded qualifies as a formal vulnerability. It is whether Recall’s security model meets the expectations the company created when it promised to protect users from malware attempting to ride along with authentication.

As AI-powered operating system features become more ambitious, the Recall debate is likely to remain a test case for how technology companies balance convenience, privacy and security. The core question is simple: when a feature is designed to remember almost everything, how much risk does that memory create if something else on the machine starts looking too?