Microsoft has disabled preview features in Windows File Explorer for internet-downloaded files to prevent NTLM hash leaks and improve security. This change aims to mitigate vulnerabilities that could lead to credential leaks and relay attacks, especially targeting files marked with Mark of the Web. #CVE-2025-59214 #NTLMhashleak #FileExplorer
Keypoints
- Microsoft disabled file preview in Windows Explorer for internet-downloaded files to address security gaps.
- The change aims to prevent NTLM hash leaks that could occur when previewing malicious files.
- Vulnerabilities related to CVE-2025-59214 and bypasses of previous patches were exploited in the wild.
- Users must unblock files manually by adjusting properties if they wish to preview them again.
- The update is part of October 2025 Patch Tuesday security improvements to enhance system defenses.
Read More: https://www.securityweek.com/microsoft-disables-downloaded-file-previews-to-block-ntlm-hash-leaks/