Stealing Your Data Via TotalRecall Reloaded Is A Feature, Not A Bug?

PC Perspective, Apr 17, 2026

Key Takeaways

  • AIXHost.exe vulnerable to non‑admin DLL injection
  • Attack captures screenshots, OCR text, and metadata in real time
  • Microsoft calls the flaw a feature, not a bug
  • Disable Recall or use third‑party mitigations to protect data

Pulse Analysis

Recall was introduced as a Copilot+ convenience, automatically logging screen captures and OCR‑derived text to a hidden database so users could retrieve past work. While the concept appealed to productivity‑focused users, the original implementation lacked encryption, prompting criticism from privacy advocates. Microsoft later added encryption for stored data, but the underlying write path remained exposed, creating a gap between data at rest and data in transit.

The newly disclosed vulnerability exploits AIXHost.exe, the Windows component that writes to the Recall database. By injecting a malicious DLL—without needing administrative privileges—an attacker can intercept the screenshot stream, harvest OCR‑extracted text, and collect metadata such as window titles and timestamps. The injection persists even after the user closes the Recall interface, effectively turning the feature into a real‑time surveillance tool. Because the attack does not rely on elevated rights, it can be launched from standard user accounts, widening the threat surface across both consumer and enterprise environments.

Microsoft’s decision to label the issue a "feature" rather than a security bug has sparked backlash from security researchers and corporate IT leaders. The stance suggests the company views data collection as an intended capability, not an unintended exposure, raising questions about consent and data governance. Enterprises may need to disable Recall by policy, deploy endpoint protection that blocks DLL injection, or adopt alternative session‑recording solutions. The episode underscores the broader challenge of balancing AI‑driven convenience with robust privacy safeguards in modern operating systems.
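A defender's check for the injection described above, as an added example that is not from the article or from Microsoft: it lists the modules loaded into AIXHost (process name as given in the article) and reports any without a valid Microsoft signature. The helper names and the signer match are assumptions made for illustration.

```powershell
# Added example (not from the article): audit what is loaded into the Recall host.
# Assumption: 'AIXHost' is the process name as given in the article.
function Test-ModuleTrusted {
    param([string]$Path)
    if ([string]::IsNullOrEmpty($Path)) { return $false }        # module with no backing path
    if (-not (Test-Path -LiteralPath $Path)) { return $false }   # file no longer on disk
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    # Heuristic (assumption): valid signature whose signer is Microsoft Corporation.
    return ($sig.Status -eq 'Valid' -and
            $sig.SignerCertificate.Subject -match 'O=Microsoft Corporation')
}

function Get-UntrustedAixHostModule {   # hypothetical helper name
    $winDir = [Environment]::GetFolderPath('Windows')
    foreach ($p in @(Get-Process -Name 'AIXHost' -ErrorAction SilentlyContinue)) {
        # Module enumeration can fail (access denied, process exited); treat as "unknown".
        try   { $modules = @($p.Modules) }
        catch { $modules = @() }
        if ($modules.Count -eq 0) {
            Write-Warning "PID $($p.Id): no modules readable, result is inconclusive"
            continue
        }
        foreach ($m in $modules) {
            if (Test-ModuleTrusted -Path $m.FileName) { continue }
            [pscustomobject]@{
                ProcessId       = $p.Id
                Module          = $m.ModuleName
                Path            = $m.FileName
                # Extra context for triage: does the file live under the Windows directory?
                UnderWindowsDir = ([string]$m.FileName).StartsWith(
                                      $winDir, [StringComparison]::OrdinalIgnoreCase)
            }
        }
    }
}

$findings = @(Get-UntrustedAixHostModule)
if ($findings.Count -eq 0) {
    'No untrusted modules reported (or AIXHost is not running).'
} else {
    $findings | Format-Table -AutoSize
}
```

A reported module is a lead for investigation rather than proof of injection, and an empty result does not rule out code that runs without a mapped module.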
