# Microsoft adds Windows protections against malicious Remote Desktop files

_Tuesday, April 14, 2026 at 8:05 PM EDT · Cybersecurity · Latest · Tier 2 — Notable_

![Microsoft adds Windows protections against malicious Remote Desktop files — Primary](https://www.bleepstatic.com/content/hl-images/2025/05/28/Windows-headpic.jpg)

Microsoft has introduced new Windows protections to defend against phishing attacks that abuse Remote Desktop connection files, adding warnings and disabling risky shared resources by default.

Remote Desktop Protocol files are commonly used in enterprise environments to connect to remote systems because administrators can preconfigure them to automatically redirect local resources to the remote host. Threat actors have increasingly abused this functionality in phishing campaigns, with state-sponsored hacking groups using rogue RDP files to remotely steal data and credentials.

When opened, malicious RDP files can connect to attacker-controlled systems and redirect local drives to the connected device, allowing attackers to steal files and credentials stored on disk. They can also capture clipboard data such as passwords or redirect authentication mechanisms to impersonate users.

As part of the April 2026 cumulative updates for Windows 10 and Windows 11, Microsoft has released new protections to prevent malicious RDP connection files from being used on devices. When users open an RDP file for the first time after installing the update, a one-time educational prompt explains what RDP files are and warns about their risks.

Future attempts to open RDP files will display a security dialog before any connection is made. This dialog shows whether the RDP file is signed by a verified publisher, the remote system's address, and lists all local resource redirections with every option disabled by default.

If a file is not digitally signed, Windows displays a 'Caution: Unknown remote connection' warning and labels the publisher as unknown. If the RDP file is digitally signed, Windows displays the publisher but still warns users to verify their legitimacy before connecting.

The new protections apply only to connections initiated by opening RDP files, not to those made through the Windows Remote Desktop client. Administrators can temporarily disable the protections through Registry modifications, but Microsoft strongly recommends keeping them enabled given historical abuse of RDP files in attacks.

## Sources

- [BleepingComputer](https://www.bleepingcomputer.com/news/microsoft/microsoft-adds-windows-protections-for-malicious-remote-desktop-files/)

---
Canonical: https://techandbusiness.org/newswire/QnO7x4BjxSH5gdfvmSmeTJ
Retrieved: 2026-04-21T10:24:19.100Z
Publisher: Tech & Business (techandbusiness.org)