Microsoft has added new Windows protections that warn users and disable risky shared resources by default when opening Remote Desktop (.rdp) connection files to thwart phishing attacks. A one-time educational prompt and a subsequent security dialog show publisher verification and the remote address, and list the disabled local redirections, to help prevent credential and data theft, a technique previously abused by groups like APT29.
Keypoints
- April 2026 updates (KB5082200, KB5083769, KB5082052) introduce protections for RDP connection files.
- Users see a one-time educational prompt explaining what RDP files are and their risks.
- Subsequent opens display a security dialog showing publisher status, the remote address, and the local resource redirections, which are disabled by default.
- Unsigned RDP files are labeled as "Caution: Unknown remote connection" and show an unverified publisher warning.
- Administrators can temporarily disable the protections via a registry setting, though keeping them enabled is strongly recommended.