There are not many good reasons for being first when it comes to installing new updates for the Windows operating system. In fact, being second has the potential of avoiding the usual assortment of bugs that happen to be confirmed regularly after releases.
Take the June 2026 security updates as an example. Microsoft confirmed a new bug just days after releasing the update. It affects Windows 10 and Windows 11 systems that use custom folder icons or localized folder names that are defined by desktop.ini.
First spotted by Deskmodder, the issue is described on a new support page on Microsoft’s website:
After installing a Windows security update released on or after June 9, 2026, you might notice one or both of the following behaviors for some folders:
A custom folder icon defined by desktop.ini no longer appears.
A localized folder display name defined by desktop.ini no longer appears, and the folder shows its original name instead.
This behavior might occur even when the user has not changed an application or folder configuration.
Microsoft notes that this behavior is expected, as it introduced a security hardening change that affects desktop.ini.
This new behavior is expected. Starting with the Windows security updates released on June 9, 2026, a security hardening change is introduced to desktop.ini handling. When Windows cannot establish that the source of a desktop.ini file is trusted, Windows ignores that file and treats it as if it is not present. However, desktop.ini files from trusted sources continue to work normally.
Microsoft did not first mention this change in the release notes, but has since then added the information.
When is desktop.ini not trusted? When it is downloaded from the Internet and carries the Mark-of-the-Web, copied from “certain” remote locations, or when “files on network paths are not classified as intranet or trusted by zone policy”.
Microsoft has a few workarounds for affected users.
Option 1: Add the source to Trusted Sites (Recommended)
If the affected content is stored on a known internal or managed source, add that source to the Trusted Sites list. Once the source is treated as trusted, Windows processes desktop.ini from that source normally. This keeps the protection in place for other locations and is the lower-risk option.
Option 2: Use policy to restore previous behavior
Organizations that need broader compatibility can enable the policy Allow the use of remote paths in file shortcut icons.Enabling this policy restores the pre-June 2026 behavior for affected remote or untrusted scenarios.
IMPORTANT Using a broad opt-out reduces protection against malicious remote folder-customization content. If you use a workaround, Microsoft recommends trusting only controlled internal sources and keeping trust settings as narrow as possible.
Option 3: Check for and remove the Mark of the Web (MotW)
If the desktop.ini file has a Mark of the Web (MotW), Windows may treat it as coming from an untrusted source and block customization. Verify whether MotW is present and, if appropriate, remove it from the desktop.ini file. This can restore expected behavior, but should only be done for trusted content, as it removes the associated security protection.
To remove the MotW tag, open PowerShell and run one of the following commands:
For a single desktop.ini file:
Unblock-File “C:\Your\Folder\Path\desktop.ini”
For all desktop.ini files in a folder:
Get-ChildItem “C:\Your\Folder\Path” -Recurse -Filter desktop.ini -Force | Unblock-File