Microsoft disables Preview Pane for downloads to block NTLM theft attacks

Microsoft has taken a significant security step by disabling the Preview Pane feature for downloads in Windows. This move aims to prevent NTLM (NT LAN Manager) credential theft attacks, which have been exploited by threat actors to steal user credentials silently. The Preview Pane, a feature in Windows Explorer that allows users to view file contents without opening them, was found to be a vector for NTLM relay and theft attacks. By disabling this feature for downloaded files, Microsoft is mitigating the risk of attackers capturing NTLM hashes and using them for unauthorized access.

NTLM is an older authentication protocol that, despite being largely replaced by Kerberos, is still supported for backward compatibility. Attackers have leveraged NTLM relay attacks to impersonate users and escalate privileges within networks. The Preview Pane vulnerability allowed attackers to trigger automatic NTLM authentication requests when a user selected a malicious file, leading to credential theft without user interaction.

This security update reflects Microsoft's commitment to enhancing Windows security by addressing legacy protocol weaknesses. Users are advised to apply the latest Windows updates and remain vigilant about suspicious files and network activity. Organizations should also consider disabling NTLM where possible and implement stronger authentication protocols. The disabling of the Preview Pane for downloads is part of a broader strategy to reduce attack surfaces in Windows environments. Security professionals recommend continuous monitoring and adopting multi-factor authentication to further protect against credential theft and lateral movement by attackers.

In conclusion, Microsoft's proactive measure to disable the Preview Pane for downloads is a crucial step in defending against NTLM theft attacks. It highlights the ongoing need to update and secure legacy systems and protocols to protect sensitive information and maintain network integrity.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 23 Oct 2025 16:00:32 +0000
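A read-only audit for the two mitigations described above, added here as an example and not taken from the article or from Microsoft: it lists files in a download folder that carry no Internet-zone mark and reports the outbound NTLM restriction policy. The folder path, the variable names and the premise that the preview block keys on a `Zone.Identifier` value of 3 or higher are assumptions.

```powershell
# Added example, not from the article. Read-only: it changes no files or settings.
param([string]$Path = (Join-Path $env:USERPROFILE 'Downloads'))  # assumed download folder

# Zone numbers as Windows writes them into the Zone.Identifier stream.
$zoneNames = @{ 0 = 'LocalMachine'; 1 = 'Intranet'; 2 = 'Trusted'; 3 = 'Internet'; 4 = 'Restricted' }

$report = foreach ($f in Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue) {
    # Downloaded files carry an NTFS alternate data stream named Zone.Identifier.
    $ads = Get-Content -LiteralPath $f.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $zone = $null
    foreach ($line in $ads) {
        if ($line -match '^\s*ZoneId\s*=\s*(\d+)') { $zone = [int]$Matches[1] }
    }
    $name = 'none'
    if ($null -ne $zone) {
        $name = $zoneNames[$zone]
        if (-not $name) { $name = "unknown ($zone)" }
    }
    [pscustomobject]@{
        File   = $f.FullName
        Zone   = $name
        # Assumption: only Internet (3) and Restricted (4) files fall under the preview block.
        Marked = ($null -ne $zone -and $zone -ge 3)
    }
}

# Files without the mark (copied from a share, extracted by a tool that drops it,
# or created locally) are the ones the preview block does not cover.
$unmarked = @($report | Where-Object { -not $_.Marked })
"{0} files scanned, {1} without an Internet-zone mark" -f @($report).Count, $unmarked.Count
$unmarked | Sort-Object Zone, File | Format-Table -AutoSize -Wrap

# Policy "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers".
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$val = (Get-ItemProperty -Path $lsa -Name RestrictSendingNTLMTraffic `
        -ErrorAction SilentlyContinue).RestrictSendingNTLMTraffic
if ($val -eq 2)     { $state = 'deny all' }
elseif ($val -eq 1) { $state = 'audit all' }
else                { $state = 'allow all (0 or not configured)' }
"Outbound NTLM to remote servers: $state"
```

Setting the policy to audit first shows which servers still depend on NTLM before a deny setting is rolled out.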

