The Daily Decrypt
Windows Recall Feature Takes Secret Screenshots, Microsoft President to Testify Before Congress, Disconnect Public Facing ICS Devices

In today’s episode, we discuss Microsoft President Brad Smith’s upcoming testimony before Congress regarding security shortcomings, dive into the privacy concerns surrounding Windows 11’s new Recall feature, and detail Rockwell Automation’s advisory on disconnecting internet-facing ICS devices amid rising cyber threats.

00:00 Introducing Windows 11’s Recall Feature: A Privacy Concern?

01:11 The Risks and Protections Against Windows 11’s Recall Feature

04:44 Microsoft’s Response to Security Breaches and Future Plans

06:41 Advisory on Industrial Control Systems Amid Cyber Threats

07:36 Wrapping Up and How to Stay Connected

Tags List

Microsoft, Brad Smith, Cybersecurity, Congress, Windows, Recall, AI, cybercriminals, Rockwell Automation, Industrial control systems, Cyber threats, Vulnerabilities

Search Phrases

  1. Microsoft cybersecurity measures
  2. Brad Smith congressional testimony
  3. Impact of recent cyberattacks on Microsoft
  4. Security risks of Windows Recall feature
  5. Protecting against cyber intrusions
  6. Rockwell Automation cybersecurity advice
  7. Industrial control systems cyber threats
  8. Geopolitical tensions and cyber vulnerabilities
  9. Scanning for public-facing assets in cybersecurity
  10. Mitigating cyber risks in industrial control systems


Microsoft Windows has introduced a new feature in Windows 11 powered machines called Recall, which takes screenshots of your open applications every couple of seconds and uses AI to analyze them.

This is obviously stirring fears among security experts, who are warning that it could become a goldmine for cybercriminals if misused. How can users protect themselves from these potential security and privacy risks posed by Windows Recall?

Speaking of Microsoft: on June 13th, Microsoft president Brad Smith will face Congress to address a cascade of security failures that led to their recent cyber intrusions.

And finally, Rockwell Automation is advising urgent disconnects of internet-facing industrial control systems amid rising cyber threats linked to geopolitical tensions and exploited vulnerabilities in these ICS devices.

What immediate actions can administrators take to not only check if their devices are publicly accessible, but also remediate it?

You’re listening to The Daily Decrypt.

Hey, no press is bad press.

And today, Microsoft Windows is getting a lot of press.

So just recently, Microsoft has introduced a new feature called Recall in Windows 11 that captures screenshots every few seconds and then uses AI to search through these screenshots and interact with specific content, essentially indexing everything that you do on your computer.

This could be very useful for those of us like myself who have a terrible memory and want to remember what we were just doing. Users can go in and search through their history on their computer to see, “Hey, what was I doing 10 minutes ago that I need to continue doing?” Sure, sounds great. You know who else can search through your whole history? Anyone who’s compromised your system. So this feature can be disabled, which is great.

You can also specify apps that you want to exclude from this, so if that app is open, it will stop taking screenshots. But what’s key to understand is that if you’re compromised, an attacker can covertly enable this feature using PowerShell.

And so once they have that enabled, they can just sit back and wait for you to do something that jeopardizes your privacy, like entering your Social Security number, or see what banks you use.

Maybe use those screenshots to extort you. Maybe you’re doing something you wouldn’t like everybody in the world to know, the attacker gets a hold of screenshots of you doing it, and then blackmails you so they don’t release them.

The possibilities are endless for an attacker.

And Microsoft claims that the AI it uses to analyze these screenshots does not need an external connection; it’s built into the computer. And the images that it’s taking of your computer are not being uploaded to Microsoft servers or anywhere, but who knows what will happen in the future?

Nobody who’s listening to this podcast (maybe one or two of you) is good about reading privacy notifications, especially on Windows. That thing is like a thousand pages long. So who knows if they decide they want to start uploading these images to use them to train future AI models or whatever, or maybe they build in a ticker when you install Windows 11 that says, “You may share my data.”

And having just installed Windows 11 on a PC yesterday, I was so shocked at how many little tickers were automatically enabled that gave Windows permissions to see everything that I do on my computer and to upload it, like send logs, send crash reports, use my information to tailor the advertisements I get in Windows. Stop sending me advertisements in Windows. So this would just be another tick in the sea of ticks, right?

Now, I’m already an entirely macOS person, except for that Windows machine I had to spin up to do some virtualization stuff for school. But in my opinion, this is enough to switch away from Microsoft. And it’s funny, because Microsoft, under all this scrutiny for all their recent security breaches, has said they’re going to prioritize security over new feature enhancements.

Yet here we are. There’s no way I can disable this locally, but it can be enabled using PowerShell, and that’s probably much easier to do than install a keylogger and export data, ’cause keyloggers will be picked up by Microsoft Defender, but this tool that’s enabled on your computer, that Microsoft built, won’t be picked up by Defender. Nothing’s going to alert you if it gets covertly turned on by a threat actor.

So, I don’t know what to tell you guys. If you’re tech savvy, you can go in and either enable alerts using Windows Event Log, or you can disable scripts from being run through PowerShell.

But other than that, you just got to cross your fingers that you’re not compromised. So beef up your endpoint security game.

We’re in the midst of history being made, people. On June 13th, Microsoft’s president will testify before the House Committee on Homeland Security about its recent cyber attacks and security lapses.

This is crucial for understanding gaps in current security frameworks and potential improvements.

And this is because Microsoft has been hit a couple of times in recent history with pretty severe cyber attacks. And it might seem like these attacks are relatively benign in regards to the amount of people it affects. But think about it: everyone uses Microsoft. Even myself, in a purely macOS environment, might use Excel or Word or SharePoint or Teams. I don’t use Teams, but it’s possible. Or whatever. Microsoft has ingrained itself into our lives. And these specific attacks have affected over 22 enterprise organizations and over 500 individuals, including key United States officials, because the United States government loves Microsoft.

So even if the scale of the breach is relatively small compared to other companies, the spread of its effect is much wider than other companies because everyone uses Microsoft. And we all know Microsoft has started to put into place certain security measures. Like, I know they’re tying their executive salaries to security now.

I’m not entirely sure of the details on that, but they’ve launched the Secure Future Initiative and they’re planning to restructure their entire cybersecurity governance model, which is great for Microsoft, but also can serve as a blueprint for other big to medium-sized organizations to follow.

In fact, at the recent RSA Conference, cybersecurity experts expressed optimism about Microsoft’s overhaul, specifically the link between security and executive compensation.

And finally, Rockwell Automation advises customers to disconnect all industrial control systems not meant to be connected to the public-facing internet.

This is due to heightened geopolitical tensions and global adversarial cyber activity, as well as multiple CVE vulnerabilities with pretty high ratings (I see a 9.8, a 9.0, another 9.8 and a 10.0) that are being exploited in the wild.

Now of course, if you have to have your ICS facing the internet, do your best to patch it, do your best to secure it. But obviously you can’t take that off the internet. But what we’re mostly worried about is accidentally public-facing ICSs.

And even if you’re pretty sure none of your control systems are publicly facing, go ahead and check out Shodan, Censys, or even Nmap to double-check.

Should be pretty quick. Make sure nothing’s public facing that you don’t intend on being public facing.

This has been the Daily Decrypt. If you found your key to unlocking the digital domain, show your support with a rating on Spotify or Apple Podcasts. It truly helps us stand at the frontier of cyber news. Don’t forget to connect on Instagram or catch our episodes on YouTube. Until next time, keep your data safe and your curiosity alive.
