In a transfer to tighten defenses in opposition to credential theft, Microsoft has rolled out a big change to Home windows File Explorer beginning with safety updates launched on and after October 14, 2025.
The replace robotically disables the preview pane for recordsdata downloaded from the web, aiming to dam a sneaky vulnerability that would expose customers’ NTLM hashes delicate credentials used for community authentication.
This adjustment addresses a long-standing danger the place malicious recordsdata, particularly these embedding HTML components like or tags pointing to exterior sources, may set off unauthorized community requests throughout previews.
Attackers have exploited this previously to reap hashes, probably resulting in lateral motion in networks or full account takeovers.
By defaulting to a extra cautious method, Microsoft is prioritizing proactive safety with out requiring person intervention, a welcome step amid rising phishing and malware campaigns focusing on Home windows customers.
File Previews Turned Off
The brand new habits hinges on the “Mark of the Internet” (MotW) attribute, which Home windows applies to recordsdata from untrusted sources just like the Web or Web Zone file shares.
As soon as tagged, these recordsdata won’t present previews in File Explorer. As an alternative, customers will see a transparent warning message: “The file you are trying to preview may hurt your pc. For those who belief the file and the supply from which you obtained it, you could open it to view its contents.”
For on a regular basis customers, this implies a minor workflow hiccup: previews are off for probably dangerous recordsdata, however every little thing else, like native paperwork or trusted shares, stays unchanged. No further setup is required; the safety kicks in robotically post-update.
IT admins and energy customers will recognize that it applies broadly to downloaded recordsdata and distant shares, decreasing the assault floor in enterprise environments the place NTLMv2 weaknesses persist regardless of pushes towards trendy auth like Kerberos.
This isn’t a full lockdown, it’s a sensible nudge towards safer habits. Previews nonetheless work for vetted recordsdata, and the change encourages verifying sources earlier than diving in.
For those who’re coping with a trusted obtain, overriding is easy however deliberate. Proper-click the file in File Explorer, hit Properties, and verify the “Unblock” field. Notice that adjustments may not apply till your subsequent login.
For complete file shares in Web Zones, head to Web Choices within the Management Panel, navigate to the Safety tab, and add the share’s handle to the Native Intranet or Trusted Websites zone. Be cautious: this lowers defenses for all recordsdata from that supply, so reserve it for verified networks.
Microsoft’s FAQ emphasizes trusting recordsdata solely from identified origins, underscoring that this tweak is about mitigation, not elimination of dangers. As cyber threats evolve, such incremental updates assist maintain Home windows resilient with out overcomplicating day by day use.
Comply with us on Google Information, LinkedIn, and X for day by day cybersecurity updates. Contact us to function your tales.
