Windows Explorer Archives

Winsage

March 2, 2026

RAT Malware Via Windows Explorer Puts Crypto at Risk

Cofense Intelligence reported that threat actors are exploiting Windows File Explorer and WebDAV servers to deliver Remote Access Trojans (RATs) to corporate systems, bypassing browser security measures. This method allows attackers to infiltrate machines without using web browsers, taking advantage of File Explorer's ability to connect to remote WebDAV servers. Despite WebDAV being deprecated by Microsoft in November 2023, it is still supported in Windows, creating a vulnerability. The campaigns began in February 2024, with a significant increase in September 2024, and 87% of these campaigns deliver multiple RATs, including XWorm, Async RAT, and DcRAT. Victims typically receive phishing emails disguised as invoices, containing URL or LNK shortcut files that initiate a WebDAV connection. The attacks often utilize Cloudflare Tunnel for hosting malicious WebDAV servers, making the traffic appear legitimate. Notably, 50% of affected campaigns are in German, while 30% are in English. The report emphasizes the risks posed to individuals holding digital assets, as RATs can access sensitive information, including crypto wallet files. Organizations are advised to monitor network traffic for Cloudflare Tunnel instances and educate users about the risks associated with File Explorer's capabilities.

Winsage

March 1, 2026

Hackers Abuse Windows File Explorer and WebDAV for Stealthy Malware Delivery

Cybercriminals are exploiting a legacy feature in Windows File Explorer, specifically the WebDAV protocol, to distribute malware and bypass traditional security measures. Despite Microsoft deprecating native WebDAV support in November 2023, it remains active on many systems. Attackers use WebDAV to deceive victims into executing malicious payloads by sending links that connect File Explorer directly to remote servers, avoiding web browsers and their security warnings. They employ methods such as direct linking, URL shortcut files, and LNK shortcut files to deliver exploits. The primary objective of these campaigns, which surged in late 2024, is to deploy Remote Access Trojans (RATs), with 87% of Active Threat Reports involving multiple RATs like XWorm RAT, Async RAT, and DcRAT. These campaigns predominantly target corporate networks in Europe, with many phishing emails written in German and English. Attackers use short-lived WebDAV servers hosted on Cloudflare Tunnel demo accounts to obscure their infrastructure. Security analysts are advised to monitor unusual network activity from Windows Explorer and educate users to verify addresses in File Explorer.

Winsage

February 16, 2026

De-Enshittify an Existing Install of Windows 11 ⭐

Win11Debloat is a tool designed to enhance the Windows 11 experience by allowing users to remove unwanted elements while keeping desired features. It operates via a PowerShell script and offers a user-friendly graphical interface. Users can uninstall applications, adjust Windows 11 features, and specify whether changes apply to the current user or all users. Key functionalities include: - Uninstalling applications like Microsoft Edge, OneDrive, and various bundled apps. - Adjusting privacy settings, including disabling telemetry and targeted advertisements. - Modifying Windows Update settings to prevent automatic restarts. - Disabling Bing web search in the Start menu. To use Win11Debloat, users must follow specific instructions on GitHub, execute a script, and navigate through three main screens to make selections. The tool allows for the creation of a system restore point and offers options to apply changes to all users or just the current user. Users are advised to update apps before using Win11Debloat to prevent the Microsoft Store from reinstalling removed applications. If some apps remain after using the tool, they can be uninstalled manually. The tool's changes are reversible, and most removed apps can be reinstalled, except for the Microsoft Store app. Users are encouraged to take their time with the options available and can reapply settings if future updates from Microsoft alter their configurations.

Winsage

February 13, 2026

Microsoft: New Windows LNK spoofing issues aren’t vulnerabilities

Security researcher Wietze Beukema revealed vulnerabilities in Windows LK shortcut files at the Wild West Hackin' Fest, which could allow attackers to deploy harmful payloads. He identified four undocumented techniques that manipulate these shortcut files, obscuring malicious targets from users. The vulnerabilities exploit inconsistencies in how Windows Explorer handles conflicting target paths, allowing for deceptive file properties. One technique involves using forbidden Windows path characters to create misleading paths, while another manipulates LinkTargetIDList values. The most sophisticated method alters the EnvironmentVariableDataBlock structure to present a false target in the properties window while executing malicious commands in the background. Microsoft declined to classify the EnvironmentVariableDataBlock issue as a security vulnerability, stating that exploitation requires user interaction and does not breach security boundaries. They emphasized that Windows recognizes shortcut files as potentially dangerous and provides warnings when opening them. However, Beukema noted that users often ignore these warnings. The vulnerabilities share similarities with CVE-2025-9491, which has been exploited by various state-sponsored and cybercrime groups. Microsoft initially did not address CVE-2025-9491 but later modified LNK files to mitigate the vulnerability after it was widely exploited.

Winsage

January 7, 2026

“Microslop”: Infuriating Video Sums Up How Microsoft Is Ruining Windows With AI

Programmer Ryan Fleury criticized Windows 11's AI-powered search feature in a video, highlighting a suggestion that users ask, “My mouse pointer is too small,” which yielded no results after a ten-second wait. In contrast, a simple search for the word “test” produced three relevant outcomes. Microsoft is committed to enhancing Windows 11 with AI, having ended support for Windows 10 to encourage users to transition to the new system featuring a virtual assistant called Copilot. New features include a Copilot icon on the taskbar and integration into Windows Explorer for generating document summaries. However, security concerns persist due to past incidents where sensitive information was saved in unsecured locations. Discontent with Microsoft's AI direction has grown since the discontinuation of Windows 10, and CEO Satya Nadella's comments against the term “slop” have led to increased use of the term “Microslop” on social media. Fleury's sarcastic remarks about AI's coding capabilities reflect skepticism about the effectiveness of AI in delivering quality results.

Winsage

December 11, 2025

Microsoft fixes Windows Explorer white flashes in dark mode

Microsoft resolved an issue in Windows 11 where users experienced bright white flashes when launching File Explorer in dark mode after installing the KB5070311 update. This glitch affected various actions within the application. The KB5072033 cumulative update fixed this issue, improving the experience in File Explorer. Additionally, the KB5072033 update addressed network connectivity loss on virtual machines and introduced enhancements to Windows PowerShell, including warnings for potentially harmful scripts. Microsoft also acknowledged a bug affecting system components like File Explorer and the Start Menu during the provisioning of Windows 11 24H2 and 25H2 devices. Furthermore, Microsoft is testing a feature to preload File Explorer in the background to enhance performance.

Winsage

December 6, 2025

Linux File Managers Outshine Windows Explorer in Speed and Customization

Windows File Explorer is facing criticism for its speed and features compared to Linux-style file managers like Dolphin, which offers advantages such as dual-pane views, tabbed browsing, and rapid search capabilities. Users have reported that Linux file managers can load directories with thousands of files in under a second, while Windows File Explorer may take several seconds. The growing dissatisfaction with Windows' performance and privacy policies has led to an increase in Linux adoption, with over 3% of the gaming market now using Linux. Additionally, Linux file managers provide high customization options and modularity, appealing particularly to developers. Discussions on social media platforms reflect a preference for Linux alternatives due to their superior performance and user experience.

Winsage

November 26, 2025

Microsoft preloads File Explorer to mask performance issues

Microsoft is addressing sluggish launch times for File Explorer by preloading the application in the background, rather than streamlining its code or removing features. This update is available in a Windows Insider build for the Dev and Beta Channels. The preloading feature is experimental and can be disabled by users in the Folder Options under the View tab in File Explorer. Microsoft previously open-sourced the classic Windows File Manager in 2018, which was a lightweight tool for file system activities. Over time, File Explorer has increased in size and complexity, leading to performance challenges.

Winsage

November 24, 2025

Linux-Inspired File Managers Outpace Windows Explorer in Speed and Features

Microsoft's Windows File Explorer is facing competition from third-party file managers like Files, which is open-source and available for free from the Microsoft Store. Files offers features such as dual-pane views, tabbed browsing, and advanced tagging, making it faster and more customizable than Explorer. Benchmarks show Files loading directories up to 30% faster on average hardware. Despite recent updates to Explorer, it still lacks the innovation found in alternatives. Users are increasingly expressing dissatisfaction with Explorer's bloat, with some preferring alternatives like File Pilot. Linux-inspired managers, including Files, incorporate usability features such as breadcrumb navigation and integrated terminal access, appealing to developers and IT professionals. Open-source alternatives benefit from community oversight, enhancing security and performance. The trend towards these innovative tools may compel Microsoft to rethink Explorer. Additionally, there is a growing convergence of Windows and Linux file management, with Microsoft acknowledging Linux's strengths by integrating Linux files into Explorer. The rise of these alternatives reflects changing user expectations and demands for more customizable and efficient file management solutions.

Winsage

November 18, 2025

Windows 10 still has the best Start menu, so I brought it back for free

Windows 11's Start menu has received criticism from some users who believe it lacks the intuitiveness and customization of the Windows 10 Start menu. The Windows 10 Start menu was praised for its design, functionality, and features like Live Tiles, which allowed real-time information access and personalization options such as resizing and organizing tiles. ExplorerPatcher is a free tool that enables users to customize the Windows 11 Start menu to resemble that of Windows 10, allowing for features like pinning apps and organizing the menu. Users can download ExplorerPatcher from GitHub and switch the Start menu style with ease. The tool also offers additional customization options, although it has some reported bugs.