Unblock CHM files after patch for MS05-026 - Vulnerability in HTML Help

I have been running Mark Russinovitch's ProcessExplorer utility on several machines which are fairly well locked down and the help details pain has not been displaying. After trying a lot of security related fixes I could think of I finally googled it and found that a recent patch added a new feature to block HTML files which came from outside computers. When you look at the properties of the file in Explorer an option to "Unblock" will appear if it is blocked. Checking that fixed the problem. The same problem arises when you try to open the file directly. Then a dialog titled "Open File - Security Warning" appears and warns about the danger of proceeding. It gives the option to uncheck - "Always ask before opening this file" - which does the same thing as 'Unblocking'. I found that while running as a limited user I could check those boxes but it had not effect, so I had to make the change while running as Admin make the Unblock effective for all users. Thus I conclude, that while I don't know exactly what information is stored to control this, but that it seems to be applied on a machine-wide basis, not per user.

The following bulletins and KB articles from MS address this issue:

• You cannot open HTML Help files from Internet Explorer after you install security update 896358
• 896358: MS05-026 - A vulnerability in HTML Help could allow remote code execution
• INFO: Executing Files by Hyperlink and the File Download Dialog Box

Update:

It appears that this behavior is controlled by something called Persistent Zone Identifier. There is a fair amount of documentation of them on the MS site (Persistent Zone Identifier Object), but surprisingly little discussion in blogs. Here is one example referencing from Internet Explorer7 Bugs at Channel9:

HTML Help doesn't work
When I try to view a chm help file that has been downloaded from the internet, the help browser loads about:blank rather than the help page. This happens when the chm file has what I think is called a persistent zone identifier associated with the file (on NTFS - when I double-click the file, I get a security warning before launching). If the file does not have the identifier (removed via Properties->Unblock) the help page is correctly displayed.