RC RANDOM CHAOS

Microsoft Locks Down RDP Files With New Anti-Phishing Protections in Windows

· via BleepingComputer

Original source

Microsoft adds Windows protections for malicious Remote Desktop files

BleepingComputer →

Microsoft’s April 2026 cumulative updates for Windows 10 and Windows 11 introduce built-in defenses against a phishing vector that has been exploited heavily by state-sponsored groups, including Russia’s APT29. The attack abuses Remote Desktop Protocol (.rdp) configuration files, which can silently connect a victim’s machine to an attacker-controlled server and redirect local drives, clipboard contents, smart cards, and Windows Hello credentials to the remote host.

The new protections work in two layers. On first encounter, Windows displays a one-time educational prompt explaining what RDP files are and the risks they carry. Every subsequent RDP file open triggers a security dialog that shows the file’s signing status, the target server address, and a full list of requested resource redirections - all disabled by default. Unsigned files get an explicit “Unknown remote connection” warning. Signed files still prompt users to verify the publisher before connecting.

The protections only cover connections initiated by opening .rdp files directly, not sessions started through the Remote Desktop client app. Admins can disable the feature via a registry key, though Microsoft recommends against it given the long history of RDP file abuse in targeted attacks.

Read the full article

Continue reading at BleepingComputer →

This is an AI-generated summary. Read the original for the full story.