Microsoft's June 2026 Patch Tuesday alters how Windows treats desktop.ini-based folder customizations, hiding untrusted custom folder names and icons until trust is established. The change affects recent Windows 11 and Windows 10 builds and is described by Microsoft as expected behavior tied to security hardening rather than a bug.
June 2026 update rollout details
Microsoft issued KB5094126 for Windows 11 25H2 and 24H2 and KB5093998 for Windows 11 23H2, while Windows 10 22H2 receives the update as KB5094127, according to publisher notes cited in reporting. The company updated its support guidance to explain that custom folder presentations defined by desktop.ini will not be applied when Windows cannot determine the file’s trustworthiness.
Why desktop.ini matters
Desktop.ini is a hidden system file Windows reads to apply folder-specific settings such as icons, localized names, thumbnails and infotips. Because the Shell automatically parses desktop.ini whenever a folder opens, the mechanism has historically presented an attack surface; specially crafted desktop.ini files on remote shares could trigger vulnerabilities in the Shell and potentially allow code execution under the logged-in user’s privileges.
Untrusted sources that trigger hiding
Microsoft lists several scenarios where desktop.ini content will be treated as untrusted and prevented from customizing folder presentation:
Files downloaded from the internet that carry a Mark-of-the-Web (MOTW)
Files copied from some remote locations, including certain WebDAV or HTTP-based sources
Files on network paths not classified as intranet or not trusted by zone policy
How administrators can restore customizations
Microsoft recommends three remediation paths. First, adding the source to Trusted Sites is the lower-risk option for managed internal locations; once trusted, desktop.ini files from that source are processed normally. Second, organizations that require compatibility can enable the policy Allow the use of remote paths in file shortcut icons to restore pre-June 2026 behavior for affected remote or untrusted scenarios. Third, administrators can remove the Mark-of-the-Web from desktop.ini files when the content is known to be safe, for example by using PowerShell commands such as Unblock-File for a single file or Get-ChildItem combined with Unblock-File for recursive removal. Microsoft cautions against broad opt-outs because they reduce protection against malicious remote folder-customization content and advises maintaining strict trust settings and limiting trusts to controlled internal sources.
Most Read











