Microsoft's recent Remote Desktop security update aims to protect users from phishing attacks by warning them about the settings an .rdp file requests, but a display bug garbles that warning for users with multiple monitors set to different scaling percentages, leaving the new safeguard hard or impossible to use.
Microsoft has released an update designed to enhance Remote Desktop security against phishing attacks, but a critical bug in the implementation may leave users vulnerable. The update, released on April 14, 2026, was intended to display comprehensive warnings when users open Remote Desktop (.rdp) files, listing all requested connection settings before establishing a connection.
The feature works by listing every connection setting the .rdp file requests, with each option unchecked by default, so the user has to opt in to what the file asks for rather than accept it blindly. A one-time security warning also appears the first time a user opens an .rdp file on a device. The aim is to stop users from unknowingly connecting to a malicious remote desktop session with settings chosen by the attacker.
However, a significant bug in the implementation has been discovered. According to Microsoft, "the warning message that appears when opening Remote Desktop (RDP) files might not display correctly in some cases." This "might not" understates the problem, as affected users report overlapping text and partially hidden buttons, making the warning difficult to understand and potentially impossible to interact with.

The root cause appears to be related to display scaling. Microsoft has confirmed that "This issue can occur when you use more than one monitor with different display scaling settings (for example, one display set to 100 percent and another set to 125 percent.)"
This creates a serious security concern. If users cannot read or interact with the warning, they may approve connections to malicious remote desktop sessions without ever seeing what was requested. The Remote Desktop Protocol has long been a target for attackers; BlueKeep (CVE-2019-0708) is the best-known example, although that was a pre-authentication flaw in the RDP service itself, a different class of problem from the client-side phishing this warning is meant to address.
Microsoft has provided temporary workarounds for affected users:
- Set display scaling to the same percentage on all monitors
- Use keyboard navigation (Tab to move focus, Spacebar to activate the focused button) to reach buttons the layout has hidden; this only helps if you can still tell which button has focus, since tabbing blindly can activate Connect
- Accept the smaller text that comes with lowering the scaling on the higher-DPI monitor until a fix ships
The company has added the issue to its Known Issues list and stated it will "address this issue in a future Windows update." No timeline has been provided for this fix.
The timing of this bug is particularly concerning given Microsoft's recent history with security issues. Just this week, the company released an out-of-band update to address a critical elevation-of-privilege vulnerability (CVE-2026-40372) in .NET 10.0.0 through 10.0.6. This vulnerability, discovered during investigation of user complaints about the 10.0.6 update, allows attackers to forge authentication cookies to gain elevated privileges.
The Remote Desktop issue affects all versions of Windows that received the April 14 update, including the newest Windows 11 26H1. While Microsoft has not indicated plans for another out-of-band update specifically for the Remote Desktop bug, the severity of the display issue raises questions about the testing process for security-critical features.
For organizations relying on Remote Desktop for secure access, this bug represents a significant security gap. The point of the warning is that a malicious .rdp file's payload is the settings it requests: local drives, clipboard, smart cards or printers redirected to an attacker-controlled host, or a RemoteApp that looks like a local program. If those settings cannot be read, the user cannot judge the connection. Until Microsoft releases a fix, organizations should verify .rdp files by other means: inspect a file's settings before opening it, block .rdp attachments at the mail gateway, and restrict outbound RDP (TCP 3389) to known hosts.
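The following script is an added example, not Microsoft's code or part of the article. It does from the command line what the warning dialog described earlier does on screen: it parses an .rdp file's `name:type:value` lines and reports the settings a reviewer should look at before connecting (device redirection, RemoteApp mode, a disabled server-authentication check) and whether the target host is on an assumed allowlist. The sample .rdp content and the `TRUSTED_SUFFIXES` allowlist are constructed for the example.

```python
"""Independent review of the settings an .rdp file requests.

Added example, not Microsoft's code. The .rdp format is one setting per
line as name:type:value, where type is i (integer), s (string) or b
(binary). Values may contain ':' themselves (host:port), so parsing
splits at most twice.
"""
import sys
from typing import Dict, List, Tuple

# Constructed sample of a phishing-style .rdp file: it points at an external
# host, runs a RemoteApp, and asks for drive, clipboard and smart-card
# redirection while telling the client to ignore server certificate errors.
SAMPLE_RDP = """\
full address:s:support-portal.example.net:3389
remoteapplicationmode:i:1
remoteapplicationprogram:s:||UpdateTool
drivestoredirect:s:*
redirectclipboard:i:1
redirectsmartcards:i:1
redirectprinters:i:1
authentication level:i:0
prompt for credentials:i:0
screen mode id:i:2
"""

# Assumed allowlist of legitimate RDP target domains (example only).
TRUSTED_SUFFIXES = (".corp.example.com",)

# Settings to review: name -> (value that makes it risky, reason).
# "*" means any non-empty value is risky.
RISKY_SETTINGS = {
    "drivestoredirect":      ("*", "local drives mapped into the remote session"),
    "devicestoredirect":     ("*", "plug-and-play devices redirected"),
    "redirectclipboard":     ("1", "clipboard shared with the remote host"),
    "redirectsmartcards":    ("1", "smart cards usable from the remote host"),
    "redirectprinters":      ("1", "printers exposed to the remote host"),
    "redirectcomports":      ("1", "serial ports exposed to the remote host"),
    "remoteapplicationmode": ("1", "RemoteApp mode: remote program looks local"),
    "authentication level":  ("0", "server certificate errors are ignored"),
}


def parse_rdp(text: str) -> Dict[str, Tuple[str, str]]:
    """Parse .rdp lines into {name: (type, value)}; skip blank/malformed lines."""
    settings: Dict[str, Tuple[str, str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = line.split(":", 2)
        if len(parts) != 3 or parts[1] not in ("i", "s", "b"):
            continue
        name, typ, value = parts
        settings[name.strip().lower()] = (typ, value)
    return settings


def review(text: str, trusted_suffixes: Tuple[str, ...] = TRUSTED_SUFFIXES) -> List[str]:
    """Return one finding per risky setting or untrusted target host."""
    settings = parse_rdp(text)
    findings: List[str] = []

    host = settings.get("full address", ("s", ""))[1]
    # Drop a single trailing :port; a bracketed IPv6 literal has more colons
    # and is left as-is.
    bare_host = host.rsplit(":", 1)[0] if host.count(":") == 1 else host
    if not host:
        findings.append("no 'full address': target host unknown")
    elif not bare_host.lower().endswith(trusted_suffixes):
        findings.append(f"target host {host!r} is not on the trusted list")

    for name, (risky_value, reason) in RISKY_SETTINGS.items():
        if name not in settings:
            continue
        value = settings[name][1]
        if (risky_value == "*" and value) or value == risky_value:
            findings.append(f"{name}={value!r}: {reason}")
    return findings


def load_rdp(path: str) -> str:
    """Read an .rdp file; mstsc saves UTF-16 with a BOM, hand-written ones are usually UTF-8."""
    with open(path, "rb") as fh:
        data = fh.read()
    if data.startswith(b"\xff\xfe") or data.startswith(b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("utf-8-sig")


if __name__ == "__main__":
    content = load_rdp(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_RDP
    for finding in review(content):
        print("WARN:", finding)
```

Run it with a file path to review a real .rdp attachment, or with no arguments to see the findings for the constructed sample. The checks are deliberately independent of the Windows dialog: a setting is reported whenever it is present with a risky value, regardless of how the warning renders.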
Microsoft's acknowledgment of the issue is a positive step, but the delay in addressing a security-critical bug raises concerns about the company's patch management process. Users should remain vigilant about the connections they establish through Remote Desktop and consider implementing additional security measures until the display issue is resolved.
