Microsoft has officially confirmed a strange side effect of its June 2026 Patch Tuesday security updates: when users attempt to permanently delete files from the Windows Recycle Bin, the confirmation dialog now displays internal $Rxxxxx.ext filenames instead of the original file names. This quirk, while not harming data, has left many users confused and concerned about their system's integrity.
The issue, first spotted by Windows enthusiasts on forums and Reddit shortly after the updates began rolling out, affects both Windows 10 and Windows 11 systems that installed the June 2026 cumulative updates. The $R notation is part of Windows' internal naming convention for files scheduled for deferred deletion—typically used when a file is in use and cannot be removed immediately. Microsoft's documentation suggests these temporary names should never be visible to end users in normal operation.
The Bug in Action
Imagine right-clicking a document in the Recycle Bin, choosing "Delete," and seeing a prompt that asks: "Are you sure you want to permanently delete this file?" But instead of the familiar report.docx or photo.jpg, the dialog displays something like $RH2K3F9.docx. For the average user, this immediate reaction is alarm—has malware renamed files? Is the system compromised? The reality is far less sinister but no less frustrating.
The glitch occurs exclusively when deleting files from the Recycle Bin; ordinary file deletions outside the Bin work normally. Reports indicate that the original file name reappears if you restore the file and then delete it again, but the $R name persists in the confirmation prompt for direct permanent deletion. This inconsistency has fueled speculation on social media, with some users initially believing it to be a ransomware attack or a sign of disk corruption.
What Are $R Files?
The $R prefix, long a part of Windows internals, is used by the operating system's deferred deletion mechanism. When a file is locked (e.g., open in an application) and a program requests its removal, Windows cannot delete it immediately. Instead, the system renames the file to a random string like $Rxxxxx and registers it for deletion upon the next reboot. This process, managed by the Session Manager (smss.exe) or the MoveFileEx function with the MOVEFILE_DELAY_UNTIL_REBOOT flag, has existed for decades without user-facing consequences.
Under normal conditions, these $R files reside in the Recycle Bin’s hidden system folder (C:\$Recycle.Bin) but should be transparent to users. The Recycle Bin interface normally translates the internal names back to the original filenames using metadata stored in the desktop.ini or a companion .bin file. It appears the June 2026 update inadvertently broke this translation layer, causing the raw internal names to surface in the UI.
Microsoft’s acknowledgement, posted on the known issues page for the June 2026 cumulative updates, confirms: “After installing this update, the Windows Recycle Bin may display temporary file names (e.g., $Rxxxxx.exe) instead of the original filenames in the delete confirmation dialog. This is a cosmetic issue only and does not affect the actual deletion of files or system security.”
Why Did This Happen?
The root cause likely stems from a security fix in the June 2026 patches. Each monthly rollup includes changes to the Windows kernel, file system drivers, and user-mode components designed to address vulnerabilities. This particular bug may have arisen from an update to the Recycle Bin’s handling of meta data, possibly to close a privilege escalation or information disclosure loophole. Security updates often tighten access controls or modify API calls, which can have unintended side effects on UI elements.
Microsoft’s patch notes for June 2026 do not detail the exact change responsible, but a brief analysis by independent researchers points to a modification in shell32.dll—the library responsible for the Recycle Bin interface. The update reportedly altered how the shell retrieves the display name from the Recycle Bin's folder property bag. Instead of calling IRecycleBinManager::GetFileOriginalName, it appears to fall back to the file system’s actual entry name, which in the case of pending delete items is the $R placeholder.
This regression is reminiscent of a similar issue from 2023 when a Windows 10 update briefly caused blank icons and incorrect names in the Recycle Bin. In that case, the problem stemmed from a corrupted icon cache. The current bug, however, is uniquely tied to the deferred deletion naming scheme.
Microsoft’s Response and Workaround
Microsoft has acknowledged the bug and is working on a fix, expected to ship in a future cumulative update—likely an out-of-band hotfix or the July 2026 Patch Tuesday release. Until then, the company suggests a manual workaround: users can avoid the confusing prompt by restoring the file first and then permanently deleting it from the original location. This forces Windows to process the deletion without the internal rename.
Another workaround involves disabling the delete confirmation dialog altogether, though that is not recommended for most users. The confirmation can be toggled via Recycle Bin properties (right-click Recycle Bin → Properties → uncheck “Display delete confirmation dialog”) or through Group Policy. For enterprise IT admins, a temporary script can be deployed to bypass the dialog for automated tasks.
Microsoft also emphasized that the bug does not expose any sensitive data beyond the temporary file name, and no original file contents are leaked. The $R names are randomly generated and cannot be used to infer the original file identity without access to the Recycle Bin’s metadata files.
Community Reaction and IT Impact
The Windows enthusiast community has reacted with a mix of bemusement and frustration. On Microsoft’s own community forums and sites like Windows News, users have expressed annoyance at the jarring pop-up. “I almost had a heart attack thinking my files were corrupted,” wrote one user. Another noted, “It’s been a month and my IT department still doesn’t know if it’s safe to install the June updates because of this—it’s holding up our security posture.”
For IT support teams, the bug has become a recurring headache. Help desk tickets have spiked as employees report strange file names, and some organizations have delayed deploying the June 2026 security patches altogether. This creates a dangerous situation where systems remain vulnerable to the very exploits the updates were designed to patch. Microsoft has advised that the security benefits of the updates outweigh the cosmetic inconvenience, urging enterprises to install the fixes despite the Recycle Bin glitch.
Privacy advocates have also raised eyebrows, noting that any exposure of internal naming conventions can aid attackers in understanding system internals. However, security researchers generally agree that the $R naming scheme is already well-documented and offers no practical attack surface.
How to Fix or Mitigate
For individual users and IT administrators, here are the current mitigation strategies:
- Restore then delete: Instead of deleting from the Recycle Bin directly, right-click the file and choose “Restore.” Then navigate to the restored location, right-click, and delete. This uses the standard deletion path and avoids the $R prompt.
- Disable delete confirmation: As mentioned, uncheck the confirmation dialog in Recycle Bin properties. This removes the prompt entirely but also eliminates the safety check. Use with caution.
- Use Shift+Delete from the original location: If you bypass the Recycle Bin when deleting (Shift+Delete), you never see the Recycle Bin prompts. However, recovery becomes more difficult.
- Wait for the official fix: Microsoft’s July 2026 Update, currently in preview, reportedly includes a fix for this bug. Insider builds in the Dev and Beta channels have already received the correction, and feedback indicates the original filenames are now correctly displayed.
Looking Ahead
This incident underscores the delicate balance between security patching and UI stability. As Windows becomes more secure, even minor changes to kernel or shell components can produce unexpected results. Microsoft’s responsiveness in acknowledging the issue within days of the report is commendable, but the month-long wait for a fix has tested user patience.
The Recycle Bin, often an afterthought in operating system design, turns out to be a surprisingly complex piece of Windows legacy. Its behavior intertwines with COM interfaces, shell extensions, and the transactional NTFS file system. A single bug in this area can ripple into daily tasks for millions of users.
For now, the best advice is to install the June 2026 security updates—because protection against active threats outweighs a cosmetic glitch—and apply the restore-then-delete workaround when needed. Windows experts also recommend keeping a close eye on the upcoming Patch Tuesday, as Microsoft is likely to bundle the fix into the July security rollup.
While $R filenames may be disconcerting, they are a reminder that even the most routine parts of Windows can harbor surprises. As one Reddit commenter put it, “I never thought I’d be nostalgic for the days when the only Recycle Bin bug was the sound not playing.”