Microsoft has rolled out new security features in Windows to protect users from phishing attacks that exploit Remote Desktop connection files.

These updates are designed to stop attackers from using .rdp files to quietly access sensitive data and system resources.

RDP files are widely used in workplaces to connect to remote computers, often with settings that automatically share local resources like files and devices. However, this same feature has been abused by attackers in phishing campaigns, where victims are tricked into opening malicious RDP files that connect to attacker-controlled systems.

Once opened, these files can allow remote systems to access local drives, steal stored data, capture clipboard content such as passwords, and even misuse authentication methods like smart cards or Windows Hello. Groups like APT29 have previously used this technique to target victims.

With the latest Windows updates released in April 2026, Microsoft is adding new safeguards to reduce these risks. The first time a user opens an RDP file, they will now see an educational message explaining what these files do and warning about potential dangers. Users must acknowledge this before continuing.

After that, every attempt to open an RDP file will trigger a security prompt before any connection is made. This prompt shows key details like the remote system address, whether the file is from a verified publisher, and which local resources the file is trying to access. All resource sharing options are turned off by default, giving users control over what gets shared.


If the file is not digitally signed, Windows will display a clear warning that the connection comes from an unknown source. Even for signed files, users are still advised to confirm the legitimacy before proceeding.
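The same three details the prompt surfaces (remote address, whether the file is signed, and which local resources it requests) can be pulled from an .rdp file before anyone opens it, for example when triaging a mail attachment. The sketch below is an added example, not Microsoft's code; it assumes the standard `name:type:value` RDP file layout and common property names, and the sample file content is constructed.

```python
# Added example: report what an .rdp file asks for before it is opened.
# Only properties set explicitly in the file are reported; client defaults
# for absent properties are not modelled.

# RDP file properties that request local resource redirection.
REDIRECT_KEYS = {
    "drivestoredirect": "local drives",
    "redirectclipboard": "clipboard",
    "redirectsmartcards": "smart cards",
    "redirectwebauthn": "WebAuthn (Windows Hello / security keys)",
    "redirectprinters": "printers",
    "redirectcomports": "COM ports",
    "devicestoredirect": "plug and play devices",
    "camerastoredirect": "cameras",
    "audiocapturemode": "microphone",
}

def parse_rdp(text):
    """Parse 'name:type:value' lines into {lowercase name: (type, value)}."""
    settings = {}
    for line in text.lstrip("\ufeff").splitlines():
        parts = line.strip().split(":", 2)  # value may itself contain ':'
        if len(parts) == 3 and parts[1] in ("i", "s", "b"):
            settings[parts[0].strip().lower()] = (parts[1], parts[2].strip())
    return settings

def audit_rdp(text):
    s = parse_rdp(text)
    requested = []
    for key, label in REDIRECT_KEYS.items():
        if key in s:
            kind, value = s[key]
            # integer flags: non-zero is on; string lists: non-empty is on
            if (kind == "i" and value not in ("", "0")) or (kind != "i" and value):
                requested.append(label)
    return {
        "remote_address": s.get("full address", ("s", ""))[1],
        # Presence of a signature field only; validity is NOT verified here.
        "signed": bool(s.get("signature", ("s", ""))[1]),
        "redirects": requested,
    }

# Constructed sample, not taken from any real campaign.
SAMPLE = """full address:s:rdp.example.invalid:3389
drivestoredirect:s:*
redirectclipboard:i:1
redirectsmartcards:i:1
redirectprinters:i:0
"""
```

Files saved by the Remote Desktop client are often UTF-16 encoded, so decode them accordingly before passing the text to `audit_rdp`.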



These protections only apply when opening RDP files directly and do not affect connections made through the Remote Desktop app itself. While administrators can disable these warnings through system settings, Microsoft strongly recommends keeping them enabled due to the growing use of RDP files in cyberattacks.
