Microsoft Implements New Security Measures for Windows 11 Users
October has proven to be a particularly eventful month for Microsoft, marked by significant updates and adjustments. Following the conclusion of Windows 10 support, the tech giant has faced a series of challenges, including emergency updates and privacy concerns surrounding Teams. Now, a new alert has emerged for Windows 11 users regarding file previews, adding another layer to the ongoing narrative.
Effective October 14, Microsoft has announced that File Explorer will automatically disable the preview feature for files downloaded from the internet. This precaution specifically targets files marked with a “Mark of the Web (MotW),” which are deemed vulnerable to potential security risks.
According to Microsoft, these files may be susceptible to “NTLM hash leakage,” a situation where files contain HTML tags—such as and —that reference external paths. This vulnerability could allow attackers to exploit the preview feature to capture sensitive credentials, prompting Microsoft to classify such files as potentially “unsafe.” Users will need to manually unblock these files by right-clicking and accessing the Properties settings.
Watch for this warning
New Windows alert
The decision to block file previews appears to be a precautionary measure, yet it raises questions about the effectiveness and practicality of the approach. Critics argue that a more nuanced strategy could have been employed, targeting files with specific attributes or enhancing the sandboxing of the preview function. The current blanket approach risks inconveniencing users who may inadvertently unblock files without fully understanding the implications.
Moreover, the process for unblocking files introduces a potential risk. Users are advised to open files only if they trust the source, which could lead to high-stakes situations if caution is not exercised. Microsoft has stated that this change will occur automatically, requiring no action from users to benefit from the security enhancement. However, existing workflows will be affected when previewing files downloaded from the internet, creating a catch-all scenario.
Microsoft further clarifies that while the change may not take effect immediately, it will be implemented after the next login. Users also have the option to unblock all files from a specific file share address, although this action will relax the security measures for all files originating from that share.
