Microsoft enhanced Windows File Explorer security by disabling File Preview for downloaded files as of 2025-10-14.
Security Measures and Impact
This update addresses an NTLM credential vulnerability in Windows File Explorer. By disabling previews for files marked with the Mark of the Web, users are warned of potential security risks when attempting to preview untrusted files. Files from trusted network shares and local documents will continue to preview normally.
The new protection takes effect after the user's next login, requiring no additional configuration. However, users can still manually allow specific downloads by right-clicking the file, accessing Properties, and checking Unblock.
Admin Configurations and Network Safety
Administrators can manage trusted sites via the Internet Options in Control Panel to allow certain network shares for preview, but this should be limited to verified networks. The intention is to minimize enterprise attack surfaces while maintaining safe workflows.
Overall, Microsoft aims to balance enhanced security with user convenience, ensuring safer default settings without interrupting legitimate processes.
