Microsoft has implemented a security enhancement in Windows File Explorer that automatically blocks previews for files downloaded from the Internet, preventing credential theft attacks. This change helps protect users from exploits that could leak NTLM hashes through malicious documents. #NTLMhashes #FileExplorerPreviews
Keypoints
- Windows File Explorer now disables previews for internet-downloaded files by default.
- The change aims to prevent exploitation of vulnerabilities that leak NTLM hashes during file previews.
- Preview warnings will appear when attempting to view potentially unsafe files from the Internet Zone.
- Users can manually unblock trusted files by adjusting their properties or security zone settings.
- The update is part of October 2025 security patches and improves overall Windows security posture.