"TotalRecall Reloaded" tool exploits side entrance to Windows 11 Recall via AIXHost process

A new security tool exploits vulnerabilities in Microsoft Recall’s data delivery process, intercepting screenshots even after encryption was added to the feature.

By: AXL Media

Published: Apr 16, 2026, 4:16 AM EDT

Source: Information for this report was sourced from Ars Technica.

The Vulnerability of the "Delivery Truck"

Two years after the controversial debut of the AI-powered "Recall" feature on Copilot+ PCs, new security concerns have emerged. Researcher Alexander Hagenah, who authored the original tool that exposed Recall's initial lack of encryption, has launched an updated version titled "TotalRecall Reloaded." Hagenah describes the underlying encrypted database as "rock solid" but identifies a critical weakness in how data is handled once a user authenticates. He characterizes the flaw with a metaphor: "The vault is solid. The delivery truck is not."

Exploiting Post-Authentication Data Flows

The "TotalRecall Reloaded" tool works by injecting a DLL file into a specific system process known as AIXHost.exe. This injection can notably be performed without administrator privileges. Once active, the tool waits silently in the background for the user to unlock their Recall session using Windows Hello (via PIN, fingerprint, or facial recognition). As soon as the user authenticates, the tool intercepts the decrypted screenshots, OCR-processed text, and metadata as they are passed to the AIXHost.exe process for display or processing.

Bypassing Security via User Action

The tool does not technically "crack" the encryption or bypass Windows Hello itself. Instead, it "rides along" with the user's legitimate access. Hagenah notes that the Virtualization-based Security (VBS) enclave will not decrypt data without the user’s biometric or PIN input. However, once that "gate" is opened, the data remains vulnerable as it travels to other parts of the system. Furthermore, the tool can perform certain tasks—such as deleting the entire database or capturing specific metadata—without any Windows Hello authentication at all.