By Simon Batt
Publication Date: 2026-04-15 15:56:00
Summary
- Recall’s vault is solid, but its delivery path exposes decrypted screenshots, OCR text, and metadata in AIXHost.exe.
- TotalRecall Reloaded injects into AIXHost.exe via COM calls to grab decrypted data—no admin, no kernel exploit needed.
- The researcher alerted Microsoft first, but the company claims Recall access aligns with intended protections and timeouts limit abuse.
Do you recall the old Recall drama? Back in June 2024, we caught wind that a researcher spotted Windows 11’s AI-powered history feature, Recall, storing all of its findings in plain text on people’s PCs. They believed that, if the tool was allowed to roll out for…
