Windows Remote Desktop Security Warnings overlap on mixed scaling screens after April 2026 update

Microsoft has confirmed a problem that causes the new Windows security warnings shown when opening Remote Desktop (.rdp) files to be displayed incorrectly, and that affects all supported versions after the April 2026 cumulative updates. The failure is not merely cosmetic: on setups with different scaling settings between monitors, the text can overlap and the buttons can be partially hidden, making it difficult to interact with the security dialog. Microsoft documents this issue in its support notices for the updates, for example in the notes for KB5083768 and KB5082200, where it explains exactly when and how the problem occurs and in which builds it appears.

Microsoft introduced these security warnings as a preventive measure to reduce abuse of malicious .rdp files. The dialog shows the user whether the file is signed, the remote address, and which local redirections (drives, clipboard, devices) are requested, all disabled by default. The feature is a major security improvement because attackers have used preconfigured .rdp files to gain access and steal credentials or data, as several APT incidents and phishing campaigns have documented.

The practical problem is twofold: on the one hand, the warning window may not allow the connection to be correctly confirmed or cancelled; on the other hand, confused users may bypass the warning, opening .rdp files without verifying their content or returning to unsafe practices. In business environments this can result in interruptions to remote support, increased risk from poor user decisions, and overload for helpdesk teams.

While Microsoft works on a fix, there are concrete and safe measures that administrators and users can take right now. First, inspect .rdp files before running them: an .rdp file is plain text and can be opened with Notepad to review lines such as full address, username, redirectclipboard or redirectdrives; this reveals which local resources it asks to redirect. Second, if you use several monitors, temporarily adjust the scaling so that all of them are at the same percentage, or use only one monitor when opening .rdp files until the fix is published, as the problem is reproduced when scaling differs between screens.
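The manual review described above can be scripted for a helpdesk or mail-triage workflow. The following is an added example, not Microsoft code: it parses the `name:type:value` lines of an .rdp file and reports the target, the username, whether a signature line is present, and which redirections are requested. The key list extends the names mentioned above with other .rdp redirection settings, and the sample file is constructed.

```python
import codecs

# Settings that request local resources. redirectclipboard and redirectdrives
# are named in the article; the others are additional .rdp redirection keys
# included here as an extension of the same check.
REDIRECT_KEYS = {
    "redirectclipboard", "redirectdrives", "drivestoredirect",
    "devicestoredirect", "redirectprinters", "redirectsmartcards",
    "redirectcomports", "camerastoredirect",
}

def decode_rdp(raw: bytes) -> str:
    """Files saved by the Remote Desktop client are often UTF-16 with a BOM."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")

def parse_rdp(raw: bytes) -> dict:
    """Parse 'name:type:value' lines into {name: value}, names lower-cased."""
    settings = {}
    for line in decode_rdp(raw).splitlines():
        parts = line.strip().split(":", 2)  # value may itself contain ':'
        if len(parts) == 3 and parts[1] in ("s", "i", "b"):
            settings[parts[0].strip().lower()] = parts[2].strip()
    return settings

def review(raw: bytes) -> dict:
    """Summarise what the file connects to and what it asks to redirect."""
    s = parse_rdp(raw)
    requested = sorted(k for k in REDIRECT_KEYS if s.get(k, "") not in ("", "0"))
    return {
        "target": s.get("full address", ""),
        "username": s.get("username", ""),
        "signed": bool(s.get("signature")),
        "redirections": requested,
    }

# Constructed sample, encoded the way the client commonly saves files.
SAMPLE = codecs.BOM_UTF16_LE + (
    "full address:s:rdp.example.test:3389\r\n"
    "username:s:alice\r\n"
    "redirectclipboard:i:1\r\n"
    "drivestoredirect:s:*\r\n"
    "redirectprinters:i:0\r\n"
).encode("utf-16-le")

if __name__ == "__main__":
    print(review(SAMPLE))
```

An unsigned file that requests drive or clipboard redirection to an unfamiliar address is the case to escalate before anyone connects.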

In addition, strengthen the perimeter and RDP policy: apply Network Level Authentication (NLA), restrict access to the protocol via VPN or jump hosts, enable multi-factor authentication and minimize the number of hosts directly exposed to the Internet. Distribute preconfigured .rdp files through controlled internal channels, digitally signed whenever possible, and educate users not to open .rdp files received by mail or messaging without prior verification. To review good practices on remote access and its hardening, see Microsoft's technical documentation on Remote Desktop clients and the United Kingdom NCSC remote access security guidance.

I do not recommend risky workarounds such as indiscriminately disabling security controls or making unverified registry changes; instead, prioritize the operational controls and temporary mitigations described and wait for the official corrective update. Meanwhile, centralize the deployment of legitimate .rdp files, log and monitor unusual connection attempts, and check with support teams when users report unresponsive dialogs before allowing remote connections.

Finally, stay informed and apply the updates that Microsoft publishes to correct this bug as soon as they are available. Check the official support pages for notifications and the steps Microsoft recommends for your Windows or Windows Server version: in addition to the KB articles mentioned above, Microsoft publishes status and mitigation notices on its support portal and notification centers.

Practical summary: do not open unverified .rdp files, examine their content with a text editor, unify the monitor scaling or use only one monitor when opening .rdp files, strengthen remote access with NLA and MFA, and apply the official fix when Microsoft publishes it. These actions reduce the immediate risk and prevent a display failure from leading to a real breach.