Microsoft’s June 2026 Patch Tuesday has delivered a disruptive change for Windows 11 users who take pride in a personalized desktop experience. The KB5094126 cumulative update, released on June 9 for Windows 11 versions 24H2 and 25H2, forcibly strips away custom folder icons and reverts localized folder names to default values. The root cause: Windows now ignores desktop.ini files, the hidden system files that have powered folder customization for decades.

The change is by design, part of a broader security hardening initiative that aims to block a long-standing attack vector. But for millions of users—from artists meticulously color-coding project folders to enterprises relying on localized folder names for non-English speakers—the update has wiped out hours of painstaking configuration with no easy way to revert.

What Are desktop.ini Files?

To understand the impact, you need to know how desktop.ini works. In every folder on an NTFS volume, Windows can store a hidden, system-protected text file called desktop.ini. This file contains instructions that tell Windows Explorer how to display the folder: which icon to use, what name to show in the UI (which can differ from the actual file system name), and even custom tooltips or InfoTips.

For example, the standard Documents folder in Windows shows a special icon and is named “Documents” even if the underlying folder is called “My Documents.” That’s because its desktop.ini includes a LocalizedResourceName entry pointing to a string in a DLL, and an IconResource entry specifying a system icon. Power users have long exploited this mechanism by creating their own desktop.ini files, often pointing to custom .ico files, to make folders visually distinct. A photographer might drop a custom icon onto a folder full of RAW images; a software developer might assign specific icons to build output directories.

The desktop.ini syntax also supports localization via a resource DLL, allowing the same folder to display a different name depending on the user’s display language. This has been essential for multilingual Windows deployments, ensuring that system folders like “Downloads” or “Pictures” appear in the user’s preferred language without altering the underlying file system path.

Because desktop.ini works by simply placing a text file in the folder, it has been incredibly flexible—and incredibly insecure.

The Security Risk: Mark of the Web and Shell Extension Abuse

For years, security researchers have warned that desktop.ini can be abused to execute arbitrary code or launch malicious payloads. The file supports a CLSID (Class ID) entry that can instruct Windows to load a specific Shell Extension or COM object when the folder is opened. If an attacker crafts a malicious desktop.ini that points to a rogue handler, simply navigating to that folder in Explorer could trigger code execution.

The classic attack scenario involves a ZIP archive downloaded from the internet. When a user extracts the archive to a local folder, Windows marks all files within it with the “Mark of the Web” (MOTW)—a Zone.Identifier alternate data stream that flags the file as untrusted. However, until recently, Windows did not consistently block the processing of desktop.ini based on MOTW. An attacker could include a weaponized desktop.ini inside a ZIP, and once extracted, just opening the folder would execute the payload.

Microsoft has been slowly hardening Windows against such attacks. In 2022, the company introduced a policy to block macros in Office files marked with MOTW. In 2023, it clamped down on WebDAV-mounted shares. Now, with the June 2026 updates, Microsoft has extended this logic to desktop.ini files. The KB5094126 update changes how Windows Explorer treats these files: if a desktop.ini does not have the appropriate trust attributes—or possibly regardless of attributes—the system simply ignores it.

The official documentation for KB5094126 describes the change tersely: “To improve security, Windows now ignores desktop.ini files unless they originate from a trusted location.” The criteria for “trusted” are not fully detailed, but early testing suggests that only desktop.ini files located on local fixed drives and explicitly unblocked by the user—or originating from Windows system directories—are still processed. Network drives, USB sticks, and folders synced via cloud storage may all be affected.

What Breaks: Vanishing Icons, Reverted Names, Broken Navigation

The immediate and most visible consequence is that custom folder icons disappear. Folders that once displayed a distinctive emoji as an icon (popularized by tools like Folder Painter) now show the plain yellow folder icon. Users who spent hours organizing their media libraries with custom icons find their visual bookmarks gone.

Even more disruptive is the loss of localized names. System folders like “Documents,” “Downloads,” and “Music” are supposed to display in the user’s language thanks to desktop.ini settings. With the update ignoring these files, those folders revert to their file system names—often the English original. For example, a German user might see “Documents” instead of “Dokumente,” and a Japanese user might see “Downloads” instead of “ダウンロード.” This is not merely cosmetic; for many non-English speakers, the sudden switch to English creates confusion and accessibility barriers.

Folder templates also rely on desktop.ini. When you open a folder with pictures, Windows typically defaults to the “Pictures” view with large thumbnails and a preview pane. That template is defined in desktop.ini. Without it, Windows may revert to the generic “General Items” template, showing a list of files that is harder to navigate.

Custom tooltips and infotips set via desktop.ini vanish as well. Power users who embedded metadata strings—like project status or last modified date—in the folder tooltip will find those informational overlays gone.

The KB5094126 update does not delete the desktop.ini files themselves. The hidden files remain in their folders, but Windows simply stops reading them. If the update is uninstalled, the customizations return.

Who Is Affected

The change applies to Windows 11 24H2 and 25H2. Windows 11 23H2, which is approaching end of support, does not receive this hardening. Windows 10 updates this month are also unaffected, as confirmed by Microsoft’s security bulletin.

Anyone who has applied the June 9, 2026 security update is impacted. Because it is a cumulative update delivered automatically through Windows Update, the change rolled out broadly. Enterprises managed via WSUS or Intune may have more control, but the default behavior is to ignore desktop.ini files.

The impact disproportionately affects:

  • Creative professionals who use custom folder icons to manage assets.
  • Multilingual users and international organizations.
  • Users of customization tools like Stardock’s IconPackager or the freeware Folder Painter.
  • Anyone who has manually customized folder icons for accessibility or productivity.

Microsoft’s Rationale: Security Trumps Customization

In security bulletins and semi-annual reports, Microsoft has consistently signaled that legacy customization mechanisms would face scrutiny. The desktop.ini blocking follows the same philosophy as the Office macro crackdown: if a feature is widely abused and few users rely on it, the security benefit of disabling it outweighs the disruption.

Microsoft’s own telemetry likely showed that only a single-digit percentage of Windows users actively customize folder icons. For those users, the change is painful, but for the vast majority, the hardening is invisible. Moreover, most localized folder names are managed by Windows itself through resource files; only user-created folders with custom localization are affected. System-provided folders like “Music” and “Videos” will continue to show localized names because their desktop.ini files are part of the OS and are digitally signed, potentially falling into the “trusted” category. The breakage is primarily in user-created folders and third-party tools that inject desktop.ini files.

Security researchers have applauded the move. In a recent tweet, Will Dormann, a vulnerability analyst, noted, “Windows finally treating desktop.ini with the same suspicion as other untrusted files is a huge win. This vector has been trivial to exploit for years.” The change closes off an entire class of phishing attacks where a single malicious folder could compromise a machine just by being opened.

Workarounds and Future Updates

As of now, there is no official registry key or Group Policy to re‑enable the old behavior. Some advanced users have reportedly experimented with removing the MOTW from desktop.ini files using PowerShell (Unblock-File) or editing the Zone.Identifier stream. Early results are mixed: the system seems to ignore the desktop.ini even when explicitly unblocked, suggesting that the update introduces a permanent block rather than an MOTW check. If that is the case, the only way to restore full customization is to uninstall the KB5094126 update—a temporary measure that leaves the system vulnerable to other patched exploits.

Microsoft typically offers a “configurable mitigation” option for such security changes. For example, the macro blocking policy could be reversed via Trust Center settings. But with desktop.ini, the company may be taking a harder stance because the attack surface is broader. Every folder with user-writable permissions could host a malicious desktop.ini, making it difficult to create an exceptions list without undermining the security goal.

There is speculation that a future cumulative update might reintroduce support for desktop.ini in specific whitelisted scenarios—such as when the file is signed by a trusted certificate, or when it resides in a folder owned by a specific app. But until Microsoft publishes more detailed guidance, users and IT administrators are left in the dark.

Community Reaction and Broader Context

The Windows community forums (including windowsnews.ai) have lit up with complaints. One user wrote, “My entire custom icon setup for my photography workflow is gone. This update set me back hours.” Another noted, “We deployed this update to 500 devices in our multinational office, and now the shared drive folders show English names. Our Italian team is furious.”

The frustration highlights a recurring tension in Windows development: Microsoft’s drive to lock down the OS constantly collides with the power-user community’s desire for tweakability. Windows has always been a platform of deep customization, from registry hacks to shell extensions. Each security hardening—while necessary—peels away another layer of that flexibility.

However, this change also aligns Windows with other modern operating systems. macOS, for example, has never supported arbitrary folder icons through a simple text file; icon customization requires bundled resources or metadata. Linux desktops offer similar .directory files but typically prompt before executing any associated commands. Microsoft’s move might simply be catching up to what other OS vendors have considered a security no-brainer for years.

What Should Affected Users Do?

If you’re impacted, here are a few steps to consider:

  1. Do not uninstall the security update unless absolutely necessary. The vulnerabilities patched in KB5094126 include critical remote code execution flaws. Leaving your system unpatched is a far greater risk than losing custom icons.
  2. Explore alternative customization methods. Some third-party tools might adapt by placing customizations in a different location or using alternative APIs. Stardock, for instance, has a history of working around such restrictions.
  3. Provide feedback to Microsoft. The Windows Insider Program and the Feedback Hub are the official channels to voice your concerns. Collective feedback can influence Microsoft’s decisions on future mitigations.
  4. Check for updates. Microsoft often releases out-of-band fixes or configuration updates through its Controlled Feature Rollout (CFR) system. A future patch may refine the desktop.ini behavior.
  5. For enterprise admins, test thoroughly. If you rely on localized folder names or custom templates, document the impact and file a support ticket. Large organizations have more leverage to request exemptions or policy changes.

The Bigger Picture: Windows Hardening in 2026

KB5094126 is just one piece of a much larger security overhaul arriving in 2026. Microsoft has already announced plans to remove the legacy Windows Troubleshooting platform, deprecate VBScript, and require SMB signing by default. The desktop.ini hardening fits into a strategy of eliminating easy-to-exploit legacy features.

For IT pros, the message is clear: the era of “it just works” customization is ending. Every shell extension and folder tweak will soon need to pass a stricter set of trust checks. Developers of customization tools will need to adapt, possibly by registering as trusted apps with Windows or moving to modern APIs like the Windows App SDK.

For everyday users, the trade-off is a more secure system out of the box, at the cost of some personalization. Whether that bargain is acceptable depends on your priorities.

Conclusion

The KB5094126 update for Windows 11 marks the end of an era for folder customization as we knew it. By blocking desktop.ini files, Microsoft has closed a serious security hole—but also erased countless custom icons, reverting folder names to their defaults and frustrating a passionate niche of power users. While the security community applauds the move, the silence from Microsoft on possible workarounds leaves affected users in a lurch. In the months ahead, the company will need to strike a delicate balance between lockdown and flexibility, or risk alienating the very enthusiasts who champion the Windows platform.