Microsoft has rolled out new Windows protections in the April 2026 cumulative updates (Windows 10 and 11) to defend against phishing attacks that abuse Remote Desktop Protocol (.rdp) files. When users open an RDP file for the first time after the update, they see a one-time educational prompt explaining the risks. Subsequent attempts show a security dialog displaying the publisher's verification status, the remote address, and all local resource redirections — with all redirections disabled by default. Unsigned files trigger a 'Caution: Unknown remote connection' warning. These protections apply only to connections initiated via RDP files, not through the Windows Remote Desktop client directly. Administrators can temporarily disable the protections via a Registry key, though Microsoft strongly advises keeping them enabled given the history of RDP file abuse by threat actors like APT29.
Sort: