Microsoft beefs up Remote Desktop security with ... hard-to-read messages

(2026/04/24)


Microsoft's update to harden Remote Desktop against phishing attacks has arrived. When users open a Remote Desktop (.rdp) file, they should now see a warning listing all requested connection settings - or they would if it was displaying correctly.

It isn't. At least not for everyone.

The [2]bug was added to the Known Issues list for the April 14 update and, while it appears relatively cosmetic, affected users won't gain the benefit of the security warning. According to Microsoft, "the warning message that appears when opening Remote Desktop (RDP) files might not display correctly in some cases."

In this instance, "might not display correctly" could mean overlapping text or partially hidden buttons, which makes the message difficult to understand and, if the buttons are hidden, tricky to interact with.

It sounds suspiciously like the message box isn't respecting the display scaling on the current monitor. Microsoft admitted as much by warning, "This issue can occur when you use more than one monitor with different display scaling settings (for example, one display set to 100 percent and another set to 125 percent.)"

The solution? Set the display scaling to the same value on all monitors. Alternatively, either invest in a pair of spectacles or accept a loss of screen real estate. Those last two items did not come from Microsoft, but there's usually a good reason why users have different scaling settings on different monitors, and Windows allows this.

Alternatively, the buttons (if unclickable) can be interacted with using the tab key and spacebar.

Microsoft said it will "address this issue in a future Windows update."

While Microsoft is not planning another Out-of-Band update for the Remote Desktop bug, it [6]did release another this week after a serious .NET security issue was identified following the Patch Tuesday .NET 10.0.6 update.

While looking into complaints about the 10.0.6 update, it found an elevation-of-privilege vulnerability and assigned it [7]CVE-2026-40372. The attack is made possible by forging authentication cookies.

Versions 10.0.0 through 10.0.6 of .NET are affected, and the vulnerability was severe enough to trigger the update.

The problem could affect all versions of Windows that received the update, even the newest Windows 11 26H1. The Remote Desktop-specific part focused on phishing attacks and .rdp files. The company wrote:

"When you open an .rdp file, Remote Desktop shows all requested connection settings before it connects, with each setting turned off by default. A one-time security warning also appears the first time you open an .rdp file on a device."

Which is great, assuming that the user can read and interact with it. ®
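
Where the dialog is unreadable, the requested settings can still be read from the .rdp file itself before it is opened. The following is an added example, not code from the article or from Microsoft: it parses the file's `name:type:value` lines and reports the target plus the redirections the file explicitly switches on. The property names are standard .rdp settings, but which of them the new dialog lists is an assumption, and the sample file is constructed.

```python
# Added example: list what a .rdp file explicitly requests, without opening it.
# Which settings Microsoft's dialog shows is not on the page; REVIEW is an assumption.

# .rdp property -> local resource exposed to the remote host if honoured
REVIEW = {
    "drivestoredirect": "local drives",
    "redirectclipboard": "clipboard",
    "redirectprinters": "printers",
    "redirectsmartcards": "smart cards",
    "redirectcomports": "COM ports",
    "devicestoredirect": "plug-and-play devices",
    "usbdevicestoredirect": "USB devices",
    "camerastoredirect": "cameras",
    "audiocapturemode": "microphone",
}

def decode(raw: bytes) -> str:
    """Saved .rdp files are commonly UTF-16 with a BOM; hand-made ones UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")

def parse_rdp(raw: bytes) -> dict:
    """Parse 'name:type:value' lines; the value itself may contain colons."""
    settings = {}
    for line in decode(raw).splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3 and parts[1] in ("i", "s", "b"):
            settings[parts[0].strip().lower()] = (parts[1], parts[2].strip())
    return settings

def requested(settings: dict) -> dict:
    """Target host plus each reviewed setting that is non-zero (i) or non-empty (s)."""
    found = {"target": settings.get("full address", ("s", ""))[1]}
    for name, label in REVIEW.items():
        kind, value = settings.get(name, ("i", "0"))
        on = value not in ("", "0") if kind == "i" else value != ""
        if on:
            found[label] = value
    return found

# Constructed sample, not taken from the page or from any real file.
SAMPLE = ("full address:s:rdp.example.test:3389\r\n"
          "redirectclipboard:i:1\r\n"
          "drivestoredirect:s:*\r\n"
          "redirectprinters:i:0\r\naudiocapturemode:i:0\r\n").encode("utf-16")

if __name__ == "__main__":
    print(requested(parse_rdp(SAMPLE)))
```

Settings absent from the file are not reported, so the output shows only what the file asks for, not what the client would default to.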




[2] https://support.microsoft.com/en-gb/topic/april-14-2026-kb5083769-os-builds-26200-8246-and-26100-8246-22f90ae5-9f26-40ac-9134-6a586a71163b

[6] https://devblogs.microsoft.com/dotnet/dotnet-10-0-7-oob-security-update/

[7] https://github.com/dotnet/announcements/issues/395




QA SNAFU

Mickey Porkpies

2 kids with crayons doing the MS QA now so no surprises here

Re: QA SNAFU

cyberdemon

They sacked the kids and their crayons and replaced them with LLM chatbots. The quality suffered further.

Security?

BPontius

Having Remote Desktop & 'allow remote access to this computer' enabled by default is the opposite of secure Microsoft!

May also want to reconsider having defined and enabled by default, remote access to registry paths. Security?

Resources

Paratiritis

It seems the PC Microsoft use for all testing has broken down, therefore some quality issues are expected.

Quite impressive, actually

David 132

Modern Windows frameworks - WPF, WinUI3 - handle dpi scaling automatically, with minimal effort on the part of the developer. So Microsoft must have put real effort into breaking it. Or they used WinForms, and forgot to dynamically resize all controls or fonts :)
