Microsoft has updated Windows File Explorer, disabling file previews for internet-downloaded files to enhance security. This update, released on 2025-10-14, targets files marked with the Mark of the Web (MotW) attribute, thereby reducing exposure to credential-theft attacks.
Security Mitigations
Files labeled with MotW, often from untrusted internet sources or file shares, will no longer display previews and will instead carry a warning message about potential risks. This measure prevents tactics using malicious files with embedded HTML that can initiate unauthorized network requests and expose NTLM hashes. As a result, external attacks through potentially harmful files are less likely.
Users can view trusted files by manually unblocking them. This change primarily affects external web resources, while local and trusted files will retain preview functionality.
User and Administrator Guidelines
To view a downloaded file safely, users need to right-click, select Properties, and choose Unblock in some cases. Administrators are advised to authorize only verified networks as Trusted Sites in Internet Options, maintaining security integrity as organizations transition from NTLM to modern authentication methods. Microsoft indicates that these steps maintain usability while reducing attack surfaces.
