Windows 10 has a new security flaw, and it’s already being exploited in the wild. You could be infected with malware just from downloading a file, as File Explorer will automatically open the file and preview it. Windows 7 has the same problem.
Update: This bug was fixed in patches Microsoft released on April 14, 2020. Run Windows Update to fix the problem on your PC.
What You Need to Know
Microsoft announced this security hole on March 23, 2020. Microsoft says it is “aware of limited targeted attacks” that use flaws in the Adobe Type Manager Library. “There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane,” according to Microsoft’s security advisory.
The flaw affects all versions of Windows in active use: Windows 10, Windows 8.1, Windows 8, Windows 7, and various versions of Windows Server. (Of course, if you’re using Windows 7 and aren’t paying for extended security updates, you won’t get a security patch.)
Until then, Microsoft offers a workaround that will protect your PCs from the security flaw.
How to Protect Your PC
To work around the flaw, all you have to do is disable the Preview and Details panes in File Explorer (or Windows Explorer on older versions of Windows.) Windows won’t automatically display previews of OTF font files, which will protect you.
You could still be attacked if you open a malicious file. However, simply viewing the file in File Explorer won’t be a risk.
To do this, open File Explorer and click the “View” tab at the top of the window.
Ensure both the “Preview pane” and “Details pane” options in the Panes section are disabled. Click them to toggle them on and off.
Next, click the “Options” icon at the right side of the ribbon bar. If a menu appears, click “Change folder and search options.”
Click the “View” tab. In the “Advanced Settings” box, enable the “Always show icons, never thumbnails” option.
You’re done. Click the “OK” button to save your changes. Close all open File Explorer windows (or reboot your computer) to ensure your change takes effect.
On Windows 7, you’ll have to change these same options. They’re in a slightly different place in Windows Explorer.
First, click Organize > Layout and use the options in the menu to disable the Details pane and Preview pane.
Second, click Organize > Folder and search options in Windows Explorer to open the options window. Enable the “Always show icons, never thumbnails” option in the same place.
This change will only be necessary until Microsoft issues a security update that fixes the problem. After the company does, you can re-enable previews. (However, on Windows 7 without security updates, you’ll probably want to leave it disabled permanently.)