Microsoft Fixes Windows Security Warning Issue in Remote Desktop Files

Microsoft has successfully addressed a known issue that was causing Windows security warnings to display incorrectly when opening Remote Desktop (.rdp) files. This issue affected all supported Windows versions, including Windows 11 (KB5083768 & KB5083769), Windows 10 (KB5082200), and Windows Server (KB5082063), particularly on devices with multiple monitors and different display scaling settings.

The bug was resolved in the optional KB5083631 preview cumulative update for Windows 11, released alongside 34 other changes. Microsoft explained that the update specifically tackled an issue with the Remote Desktop Connection security warning dialog, particularly in multi-monitor scenarios with varying scaling settings. This problem was observed following the installation of the April 2026 (KB5083769) security update.

Initially identified by Microsoft, the security warnings associated with opening RDP files were not displaying correctly on affected Windows systems. Buttons in the alert windows were misaligned or partially hidden, making it challenging for users to interact with the security dialog.

The introduction of these security warnings was a response to the April 2026 cumulative updates aimed at disabling risky shared resources by default to combat phishing attacks that exploit Remote Desktop connection files.

RDP files are commonly utilized in enterprise environments to connect to remote systems, enabling the automatic redirection of local resources to a remote host. However, threat actors, including the Russian APT29 cyber-espionage group, have exploited these files in phishing campaigns to steal documents and credentials remotely.

Following the installation of the April security updates, users are now presented with an educational prompt when opening an RDP file for the first time to highlight associated risks. Subsequently, a security dialog is displayed before any connection is established, providing details on the file’s signature, the remote system’s address, and local resource redirection options.

If RDP files lack digital signatures, Windows issues a “Caution: Unknown remote connection” warning with an unknown publisher label. Conversely, digitally signed files trigger a warning prompting users to verify their legitimacy before proceeding.

Reports indicate that the KB5083769 security update has caused issues for third-party backup applications from various vendors on Windows 11 24H2 / 25H2 systems due to a Volume Shadow Copy Service (VSS) timeout.

In a related development, Microsoft released out-of-band updates to address Windows Server issues that led to restart loops and update installation failures post the April 2026 security updates.

AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.

Experience autonomous, context-rich validation at the Autonomous Validation Summit (May 12 & 14) to uncover exploitable vulnerabilities, validate control measures, and complete the remediation cycle.

Claim Your Spot