Overview
- The change is live for systems that installed the October 14, 2025 Windows security updates, including Windows 11 and Windows Server.
- Previews are blocked for files marked with Mark of the Web and for items on Internet Zone file shares, with a warning shown instead of content.
- The mitigation addresses a tactic where selecting a file to preview can trigger HTML-based external requests that expose NTLM credentials without opening the file.
- Users can re-enable previews for trusted content by unblocking individual files or by adding a file share to Trusted sites or the Local intranet zone, sometimes requiring a sign‑out and sign‑in.
- Security coverage notes potential workflow friction and warns that routine unblocking or relaxed zone settings could weaken the protection in practice.