Microsoft released an update (896358) to Windows to fix a vulnerability in HTML Help could allow remote code execution. Article number 896358 states that this behavior is by design.

The fix released by Microsoft is to change the registry. There are 2 ways to change this in the registry. On a file by file basis or to change the MaxAllowedZone from the default of 'Local Machine' to a higher zone. Available 'Zones' are: Local Machine, Local Intranet, Trusted Site, Internet, and Restricted sites. Instructions for each method can be found in KB article 896054