Microsoft Disables Preview In File Explorer To Block Attacks (bleepingcomputer.com)
(Monday October 27, 2025 @12:34AM (EditorDavid)
from the explorer-horrors dept.)
- Reference: 0179880322
- News link: https://tech.slashdot.org/story/25/10/27/0314221/microsoft-disables-preview-in-file-explorer-to-block-attacks
- Source link: https://www.bleepingcomputer.com/news/microsoft/microsoft-disables-preview-pane-for-downloads-to-block-ntlm-theft-attacks/
Slashdot reader [1]joshuark writes:
> Microsoft says that the File Explorer (formerly Windows Explorer) now automatically blocks previews for files downloaded from the Internet to block credential theft attacks via malicious documents, [2]according to a report from BleepingComputer . This attack vector is particularly concerning because it requires no user interaction beyond selecting a file to preview and removes the need to trick a target into actually opening or executing it on their system.
>
> For most users, no action is required since the protection is enabled automatically with the October 2025 security update, and existing workflows remain unaffected unless you regularly preview downloaded files.
>
> "This change is designed to enhance security by preventing a vulnerability that could leak NTLM hashes when users preview potentially unsafe files," [3]Microsoft says in a support document published Wednesday .
>
> It is important to note that this may not take effect immediately and could require signing out and signing back in.
[1] https://slashdot.org/~joshuark
[2] https://www.bleepingcomputer.com/news/microsoft/microsoft-disables-preview-pane-for-downloads-to-block-ntlm-theft-attacks/
[3] https://support.microsoft.com/en-us/topic/file-explorer-automatically-disables-the-preview-feature-for-files-downloaded-from-the-internet-56d55920-6187-4aae-a4f6-102454ef61fb
> Microsoft says that the File Explorer (formerly Windows Explorer) now automatically blocks previews for files downloaded from the Internet to block credential theft attacks via malicious documents, [2]according to a report from BleepingComputer . This attack vector is particularly concerning because it requires no user interaction beyond selecting a file to preview and removes the need to trick a target into actually opening or executing it on their system.
>
> For most users, no action is required since the protection is enabled automatically with the October 2025 security update, and existing workflows remain unaffected unless you regularly preview downloaded files.
>
> "This change is designed to enhance security by preventing a vulnerability that could leak NTLM hashes when users preview potentially unsafe files," [3]Microsoft says in a support document published Wednesday .
>
> It is important to note that this may not take effect immediately and could require signing out and signing back in.
[1] https://slashdot.org/~joshuark
[2] https://www.bleepingcomputer.com/news/microsoft/microsoft-disables-preview-pane-for-downloads-to-block-ntlm-theft-attacks/
[3] https://support.microsoft.com/en-us/topic/file-explorer-automatically-disables-the-preview-feature-for-files-downloaded-from-the-internet-56d55920-6187-4aae-a4f6-102454ef61fb
Ah, preview! (Score:2)
by johnnys ( 592333 )
"Preview". Also known as "Let me help you by running this anonymous code without asking or even checking to see it is is suspicious and I won't even give you the chance to decide whether or not to run it!"
"Microsoft considered harmful."
Or, and stay with me here (Score:2)
Disable network/Internet access for the preview function, maybe via sandbox? Crazy, I know.