Microsoft makes Remote Desktop phishing warnings noticeable


As part of April 2026 security patches for Windows.

Windows users will now see better warnings when opening Remote Desktop Protocol (*.rdp) files once they have applied the April 2026 Patch Wednesday round of security updates.


The new alerts come after the United Kingdom's National Cyber Security Centre (NCSC) reported the issue to Microsoft as a spoofing vulnerability in Remote Desktop.

Microsoft rated it as an important 7.1 out of 10 vulnerability, while noting exploitation of it was likely.

Prior to the patch released this week, warnings for Windows users opening RDP files were not noticeable enough.

Microsoft has issued updated guidance on the risk and danger of opening RDP files to go with the April patch release, reminding users that phishers abuse the remote access capability.

Opening an RDP file means users can silently and inadvertently share parts of their local device, clipboard, drives or camera with an attacker's remote computer, Microsoft warned.

A Russian threat actor dubbed Midnight Blizzard has been tracked by Microsoft since 2024, targeting government, academia, defence and other sectors with spear-phishing emails, using RDP files.

Separately, Google's Threat Intelligence Group (GTIG) last year spotted a phishing campaign it attributed to a "suspected Russia-nexus espionage actor" tracked as UNC5837.

UNC5837 leverages resource redirection by mapping victim file systems to attacker servers, while presenting RemoteApps controlled by the threat actor.
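For defenders triaging RDP attachments, the following added example (not code from Microsoft, GTIG or iTnews) parses an .rdp file and lists which of the local resources named above it asks to share, plus any RemoteApp it launches. The setting names are standard .rdp properties; the sample file, host name and finding labels are constructed for illustration.

```python
import re

# .rdp lines have the form name:type:value (type i, s or b); values may contain ':'.
LINE_RE = re.compile(r"^([^:]+):([isb]):(.*)$")

def parse_rdp(raw: bytes) -> dict:
    """Decode an .rdp file (UTF-16 with BOM, or UTF-8/ASCII) into {name: value}."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = raw.decode("utf-16")
    else:
        text = raw.decode("utf-8-sig", errors="replace")
    settings = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            settings[m.group(1).strip().lower()] = m.group(3).strip()
    return settings

def audit_rdp(raw: bytes) -> dict:
    """Report the target host and the local resources the file asks to share."""
    s = parse_rdp(raw)
    findings = []
    drives = s.get("drivestoredirect", "")
    if drives:
        findings.append("drives: " + ("all" if "*" in drives else drives))
    if s.get("redirectclipboard") == "1":
        findings.append("clipboard")
    cameras = s.get("camerastoredirect", "")
    if cameras:
        findings.append("cameras: " + ("all" if "*" in cameras else cameras))
    if s.get("remoteapplicationmode") == "1":
        findings.append("remoteapp: " + s.get("remoteapplicationprogram", "(unnamed)"))
    return {"host": s.get("full address", ""), "findings": findings}

# Constructed sample, not taken from any real campaign.
SAMPLE = (
    "full address:s:rdp.example.test:3389\r\n"
    "drivestoredirect:s:*\r\n"
    "redirectclipboard:i:1\r\n"
    "camerastoredirect:s:*\r\n"
    "remoteapplicationmode:i:1\r\n"
    "remoteapplicationprogram:s:||ExampleApp\r\n"
).encode("utf-16")

if __name__ == "__main__":
    print(audit_rdp(SAMPLE))
```

Only settings written explicitly in the file are reported; client defaults for absent settings are not modelled.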

The April 2026 set of patches addressed two zero-days, security vendor Tenable said.

One of them, indexed as CVE-2026-32201, a SharePoint Server spoofing vulnerability, was exploited in the wild, according to Microsoft.

Copyright © iTnews.com.au . All rights reserved.