Stealing Your Data Via TotalRecall Reloaded Is A Feature, Not A Bug?

Source: Ars Technica

From The Author of TotalRecall Comes A Terrifying New Sequel

Microsoft did score some points by ensuring that their security nightmare, disguised as a convenient way to recall what you were looking at on your PC in the past, is now disabled by default. Their original push, which enabled Recall on any and all Copilot laptops automatically, was as welcome as injecting Copilot into Notepad. The fact it wasn’t properly encrypted was also horrific, something they did indeed fix for those that wanted to enable Recall. Recall is more secure than it was, but that doesn’t mean snooping ne’er-do-wells can’t access it.

There is a new vulnerability, discovered by the same security researcher, Alexander Hagenah, who created TotalRecall to demonstrate how ridiculously insecure the original implementation of Recall was. Unfortunately, in this case Microsoft has taken the position that it is a feature and not a bug.

If you have enabled Recall, the database of screenshots is secure; however, the way in which Windows saves the data to the secured database is not. The process that does this, AIXHost.exe, is vulnerable to DLL injection, which does not require admin privileges and ‘can intercept screenshots, OCR’d text, and other metadata,’ in real time, and can even do so once a user closes their Recall session. As awful as that sounds, don’t expect a fix, as Microsoft stated they do not consider this a vulnerability.
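
A defender's view of the injection described above, as an added example that is not from the article, the researcher or Microsoft: it filters rendered Sysmon Event ID 7 (ImageLoad) messages for DLLs loaded into AIXHost.exe from outside Windows directories or without a valid Microsoft signature. The trusted-directory list, the AIXHost.exe path and every sample event are constructed assumptions, and it presumes Sysmon image-load logging is enabled.

```python
import ntpath
import re

TARGET = "aixhost.exe"  # process name taken from the article
# Assumption: legitimate modules for this process load from these directories.
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\systemapps\\",
                "c:\\windows\\winsxs\\", "c:\\program files\\windowsapps\\")
FIELD = re.compile(r"^(\w+): (.*)$", re.MULTILINE)

def parse_event(text):
    """Turn a rendered Sysmon Event ID 7 message into a field dict."""
    return {key: value.strip() for key, value in FIELD.findall(text)}

def suspicious_loads(events):
    """Return (ImageLoaded, reasons) for loads into AIXHost.exe worth review."""
    findings = []
    for ev in map(parse_event, events):
        if ntpath.basename(ev.get("Image", "")).lower() != TARGET:
            continue  # image load into some other process
        dll = ev.get("ImageLoaded", "")
        reasons = []
        if not dll.lower().startswith(TRUSTED_DIRS):
            reasons.append("outside trusted directories")
        if ev.get("Signed", "").lower() != "true" or ev.get("SignatureStatus") != "Valid":
            reasons.append("unsigned or invalid signature")
        elif not ev.get("Signature", "").startswith("Microsoft"):
            reasons.append("signer is not Microsoft")
        if reasons:
            findings.append((dll, reasons))
    return findings

def _event(image, dll, signed, signer, status):
    """Build one constructed event in Sysmon's 'Field: value' layout."""
    return (f"Image: {image}\nImageLoaded: {dll}\nSigned: {signed}\n"
            f"Signature: {signer}\nSignatureStatus: {status}")

# Constructed sample data: paths, user and DLL names are invented.
AIX = "C:\\Windows\\SystemApps\\ExampleAIX\\AIXHost.exe"
TEMP_DLL = "C:\\Users\\alice\\AppData\\Local\\Temp\\helper.dll"
SAMPLE_EVENTS = [
    _event(AIX, "C:\\Windows\\System32\\kernel32.dll", "true", "Microsoft Windows", "Valid"),
    _event(AIX, TEMP_DLL, "false", "-", "Unavailable"),
    _event("C:\\Windows\\System32\\notepad.exe", TEMP_DLL, "false", "-", "Unavailable"),
    _event(AIX, "C:\\Windows\\System32\\vendorhook.dll", "true", "Example Vendor Ltd", "Valid"),
]

if __name__ == "__main__":
    for dll, reasons in suspicious_loads(SAMPLE_EVENTS):
        print(dll, "->", ", ".join(reasons))
```

Image-load events only cover DLLs mapped through the Windows loader, so a hit here is a lead for review rather than proof of interception, and a clean result does not rule it out.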

 

One of the first Copilot+ features was Recall, a feature that promised to track all your PC usage via screenshot to help you remember your past activity. But as originally implemented, Recall was neither private nor secure.

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.
