Microsoft Addresses Remote Desktop Security Warnings Issue
Microsoft has resolved a known issue that caused newly introduced Windows security warnings to display incorrectly when opening Remote Desktop (.rdp) files. This issue affected all supported Windows versions, including Windows 11, Windows 10, and Windows Server, on devices with multiple monitors and different display scaling settings.
The bug was addressed in the optional KB5083631 preview cumulative update for Windows 11, which was released on Thursday, along with 34 other changes. According to Microsoft, the update addresses an issue that affects the Remote Desktop Connection security warning dialog, which could render incorrectly in multi-monitor scenarios when the monitors had different scaling set.
Impact of the Bug
The security warnings appearing when opening RDP files may not display correctly on affected Windows systems. The buttons in the alert windows are misaligned or partially hidden, and the text is hard to read, making it difficult, and in some cases impossible, to interact with the security dialog.
These warnings were introduced on Windows systems with the April 2026 cumulative updates to disable risky shared resources by default as a defense against phishing attacks that abuse Remote Desktop connection (.rdp) files. RDP files are commonly used to connect to remote systems in enterprise environments because they can be preconfigured to automatically redirect local resources to a remote host.
Abuse of RDP Files by Threat Actors
However, threat actors have also increasingly abused RDP files in phishing campaigns, including the Russian APT29 cyber-espionage group, which has used them to steal documents and credentials from victims' devices remotely. After installing the April security updates, a one-time educational prompt will appear when opening an RDP file for the first time, warning about the associated risks.
Afterward, a security dialog is displayed before any connection is made when opening RDP files, showing whether the file is signed by a verified publisher, the remote system's address, and all local resource redirections (including drives, clipboard, or devices), with every option disabled by default. If RDP files are not digitally signed, Windows displays a Caution: Unknown remote connection warning, with the publisher labeled as unknown.
Other Issues with the April Security Updates
According to user reports, the KB5083769 security update also breaks third-party backup apps from multiple vendors on Windows 11 24H2 / 25H2 systems due to a VSS (Volume Shadow Copy Service) timeout. Last month, Microsoft also released out-of-band (OOB) updates to fix multiple Windows Server issues that caused restart loops and update installation failures after installing the April 2026 security updates.
A recent study found that 99% of what Mythos found is still unpatched. AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming. At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what's exploitable, proves controls hold, and closes the remediation loop.
- Microsoft: New Remote Desktop warnings may display incorrectly
- Microsoft adds Windows protections for malicious Remote Desktop files
- April KB5083769 Windows 11 update causes backup software failures
- Recently leaked Windows zero-days now exploited in attacks
- Microsoft: April updates trigger BitLocker key prompts on some servers
Source: BleepingComputer