Is it time to recall Windows 11?

A researcher just proved malware can still extract all the data that Windows’s AI feature Recall has ever logged—a year after Microsoft’s promised security fix.

TL;DR: Microsoft released Recall to the public last April—an AI feature that captures your computer screen every few seconds. The release came with a promised security fix after months in previews, but a researcher just proved it’s still exploitable. It’s the latest entry in a long list of user grievances around AI and Windows 11, an OS that’s recently gained market share probably due more to Microsoft killing Windows 10 support than because anyone actually wanted it.

What happened: A cybersecurity researcher has shown that malware can silently extract hoards of data collected by Windows Recall—a supposedly convenient feature that periodically captures what you’re doing on your PC and uses AI to make it all searchable. (This can include anything you’re looking at on your screen, from bank account details to your most regrettable Google searches.) Backlash around its security initially delayed the feature’s launch, and it was released to the public last April with encrypted storage and biometric authentication. Apparently, that wasn’t enough.

The problem: Recall’s data usually sits locked in a secure vault, but malware can trigger Recall to unlock by prompting a real Windows security pop-up where users verify their identity. Once the vault opens, Recall hands your data off to a separate, unprotected process to display it on screen—and that’s when the malware intercepts it.

No fix appears to be coming; Microsoft doesn’t consider this an actual vulnerability, since the OS intentionally allows processes to interact with one another—the same way antivirus software does in order to protect your PC. But such handoffs are typically a momentary exchange with one credential or file, rather than a running record of everything you do on your PC. Some experts argue Recall’s central feature is the real problem and another example of a recurring tension with AI features offering convenience at the cost of security.

Microslop: It’s not just Recall—since its 2021 launch, Windows 11 has faced very public backlash over annoyances like forced Copilot integrations and Start menu ads. The AI features users haven’t asked for—and can't easily get rid of—even earned the company a new nickname: “Microslop.”

Bottom line: Microsoft’s deployment of yet another unsecured AI feature helps feed the perception many users have of Windows 11—as an OS engineered for Microsoft’s data collection and revenue aims rather than a positive user experience. Some people are eagerly hoping Windows 12 will be better, banking on the folk wisdom that every alternating major Windows release is good. But the Copilot genie is already out of the bottle, and it’ll be very hard to put it back in. —WK

About the author

Whizy Kim

Whizy is a writer for Tech Brew, covering all the ways tech intersects with our lives.
