Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

File Explorer Internet-downloaded file preview mitigation

Advisory/Mitigation
First reported
Last updated
Happening score
H score 10
1 unique sources, 1 articles

Summary

Hide ▲

Microsoft File Explorer now automatically blocks previewing Internet-downloaded files to reduce NTLM hash theft risk from malicious documents. The mitigation applies on Windows 11 and Windows Server systems after the October 14, 2025 security updates.

Related Happenings

Microsoft security patch release for CVE-2026-41091 and CVE-2026-45498

Security Patch Release
First: 21.05.2026 10:49 Last: 21.05.2026 10:49 Sources 1

About this happening: Microsoft rolled out security updates for Defender and related malware protection components to address two zero-days: CVE-2026-41091 and CVE-2026-45498. The fixes cover affected...

Latest development: 21.05.2026 12:52

Microsoft released patches for Microsoft Defender Antimalware Platform version 4.18.26040.7 to address CVE-2026-41091, a link-following privilege-escalation flaw that can let an authorized attacker elevate privileges locally to System, and CVE-2026-45498, a denial-of-service flaw. Microsoft said both vulnerabilities were publicly disclosed and exploited in the wild as zero-days. CISA added both flaws to its Known Exploited Vulnerabilities (KEV) list and urged federal agencies to patch them by June 3.

Open Happening

Microsoft Defender zero-days exploited in attacks (multiple vulnerabilities)

Vulnerability
First: 21.05.2026 10:49 Last: 21.05.2026 10:49 Sources 1

About this happening: Microsoft began rolling out fixes for **CVE-2026-41091** and **CVE-2026-45498**, two **actively exploited zero-days** in **Microsoft Defender** components that affect unpatched Wi...

Open Happening

Microsoft Windows Update restricted-network download failure

Service Disruption
First: 19.05.2026 14:22 Last: 19.05.2026 14:22 Sources 1

About this happening: Microsoft's **Windows Update** is failing in **restricted network environments** after the **January 2026 optional non-security preview updates**, leaving affected systems unable...

Open Happening

Windows cldflt.sys MiniPlasma privilege escalation zero-day privilege-escalation flaw

Vulnerability
First: 18.05.2026 07:59 Last: 18.05.2026 07:59 Sources 1

About this happening: **MiniPlasma** is a **Windows privilege-escalation zero-day** in **cldflt.sys** that can give attackers **SYSTEM** privileges on **fully patched Windows systems**. The flaw affect...

Open Happening

Microsoft Windows 11 mandatory Patch Tuesday updates (KB5089549, KB5087420)

Security Patch Release
First: 12.05.2026 21:09 Last: 12.05.2026 21:09 Sources 1

About this happening: Microsoft released **mandatory Windows 11 cumulative updates** for **KB5089549** and **KB5087420**, delivering the **May 2026 Patch Tuesday** fixes for **120 vulnerabilities** acr...

Open Happening

Timeline

  1. 23.10.2025 18:57 2 articles · 7mo ago

    File Explorer blocks previews for Internet-downloaded files

    Mitigation Patch Update

    Microsoft changed File Explorer on Windows 11 and Windows Server so previews are automatically disabled for files downloaded from the Internet after the October 14, 2025 security updates, reducing NTLM hash theft risk from malicious documents that reference external paths on attacker-controlled servers. The protection applies to files marked with the Mark of the Web (MotW) and Internet Zone file shares, and trusted files can still be previewed by using Unblock or by placing a share in Trusted sites or the Local intranet security zone.

    Show sources
    Open in new tab