.png)
1 day ago
1
Windows 11 Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 Windows Server 2019 Windows Server, version 23H2 Windows Server 2025
Original publish date: October 22, 2025
KB ID: 5070960
Summary
Starting with Windows security updates released on and after October 14, 2025, File Explorer automatically disables the preview feature for files downloaded from the internet. This change is designed to enhance security by preventing a vulnerability that could leak NTLM hashes when users preview potentially unsafe files. For more details, review the following frequently asked questions about this change.
Frequently asked questions
This change mitigates a vulnerability where NTLM hash leakage might occur if users preview files containing HTML tags (such as <link>, <src>, and so forth) referencing external paths. Attackers could exploit this preview feature to capture sensitive credentials.
Preview functionality is disabled by default for files marked with Mark of the Web (MotW), which indicates they originated from the internet Security Zone.
After the October 2025 or a later Windows security update is installed, File Explorer preview pane will display the following message:
The file you are attempting to preview could harm your computer. If you trust the file and the source you received it from, open it to view its contents.
Note: This change of behavior applies to files marked with MotW after download from the internet, and to files viewed on an Internet Zone file share.
No action is needed to benefit from this security enhancement. Existing workflows remain unaffected unless previewing files downloaded from the internet.
If you are confident in the safety of both the file and its source, you may remove the internet security block.
To remove the block for a downloaded file, right-click the file in File Explorer, select Properties, and then select Unblock.
Note: The change might not take effect immediately but will be effective after the next login.
To remove the block for files on an Internet Zone file share, use the Internet Options control panel’s Security tab to add the file share’s address to either the Local intranet or Trusted sites security zone.
Warning: This configuration change will relax the security posture for all files from the listed file share.
