Microsoft States New Windows Recall Bypass Is Not a Security Vulnerability



Microsoft Counters Windows Recall Security Concerns

Quick Overview

  • Microsoft defends the Recall feature in Windows 11 against purported security vulnerabilities.
  • Researcher Alexander Hagenah showcases a newly discovered bypass technique.
  • Microsoft asserts that this method functions within the security framework of Recall.
  • Recall integrates robust encryption and biometric verification mechanisms.
  • The security concerns centre on the exposure of the AIXHost.exe process.
  • Microsoft reasserts that there is no possibility of direct access to snapshots or encryption keys.

Context of Recall’s Security Apprehensions

Recall, an AI-enhanced capability in Windows 11, allows users to locate content on their devices, including sensitive information such as screenshots and browsing history. It came under fire in 2024 when researcher Alexander Hagenah uncovered weaknesses that permitted data extraction from an unprotected database. Microsoft halted the feature’s rollout and redesigned it, reintroducing it in April 2025.

Recent Bypass Discovery

Hagenah has recently pinpointed another vulnerability in the revamped Recall, claiming it enables complete content extraction from the AI tool’s SQLite database. This bypass occurs through the AIXHost.exe process, which lacks specific security restrictions and safeguards.

Microsoft’s Reaction

Microsoft disputes that the bypass is a security flaw, saying it is consistent with Recall’s established security design. The company points to its architecture, which prevents any process outside Virtualisation-Based Security (VBS) enclaves from directly accessing encryption keys or snapshots.

Technical Perspectives

Recall’s security improvements comprise VBS enclaves, AES-256-GCM encryption, and Windows Hello authentication. However, the AIXHost.exe process, which is essential for displaying the Recall timeline, runs outside these enclaves, leaving it open to code injection that does not require elevated privileges.

Conclusion

Microsoft asserts that the reported bypass concerning the Windows Recall utility does not constitute a security vulnerability, as it remains within the confines of the existing security architecture. In spite of concerns raised by researcher Alexander Hagenah, Microsoft reassures users that its infrastructure effectively curtails potential data leaks.

Q&A: Responding to Reader Queries

Q: What does the Windows Recall utility do?

A: Recall is an AI-powered feature in Windows 11 that aids users in searching and managing content, including screenshots and web history, on their devices.

Q: What was the newly identified vulnerability?

A: Researcher Alexander Hagenah discovered a technique to extract data from Recall’s SQLite database by taking advantage of the AIXHost.exe process, which has insufficient security protections.

Q: How has Microsoft reacted to the security concerns?

A: Microsoft maintains that the bypass is consistent with Recall’s documented security framework and does not constitute a security flaw, as it necessitates local user access and operates within existing protective measures.

Q: What safeguards are implemented for Recall?

A: Recall utilizes VBS enclaves, AES-256-GCM encryption, and Windows Hello biometric authentication to protect user information.

Q: Are there any dangers to users from this bypass?

A: Microsoft states that the bypass necessitates local access and functions within the outlined security framework, indicating minimal risk to users under typical circumstances.
