The usual algorithm of actions turns into a real obstacle course.
Microsoft changes the rules for working with RDP files in Windows: after the April update of 2026, users will see new warnings before connecting to a remote computer. The reason is serious: the usual file for remote access is increasingly becoming a convenient bait in phishing attacks and can open the way for attackers to the data, accounting data and devices of the victim.
The changes affected Remote Desktop Connection in Windows 10, Windows 11, and server versions of Windows Server since Windows Server 2012. After installing the update at the first start of the RDP file, the system will show the training window with the risk explaining. Then, before each connection, a separate security dialog will be opened through such a file before the start of the session.
In the new Windows window shows the address of the remote computer and separately transfers the local resources to which access is requested. All such permissions are now disabled by default, and you will have to turn them on manually. We are talking about a buffer for exchanging, disks, camera, microphone, printers, smart cards, Windows Hello, WebAuthn and other devices that can be redirected to a remote session.
Microsoft explicitly points out that the main threat is related to emails, where the RDP file is disguised as a legitimate investment. After opening, the file can unnoticed connect the computer to the attacker server and transfer access to local data.
The most dangerous company calls the redirection of disks, buffer of exchange, autistics, cameras and microphones. Through such channels, the attacker is able to read files, intercept passwords, eavesdrop on conversations, observe the environment and use the accounts for further penetration.
Separately, Microsoft shared the scripts with signed and unsigned files. If there is no digital signature, the system marks the connection as unknown and shows a warning about an untested publisher. If there is a signature, the publisher will appear in the window, but the company emphasizes: the signature confirms the source of the file and the absence of changes after signing, but does not make the connection automatically safe. Attackers can use names similar to the names of well-known organizations.
The changes do not apply to connections that the user manually enters the computer address directly into the Remote Desktop Connection. For Azure Virtual Desktop and Windows 365, as Microsoft explains, RDP files are usually already signed, so a new window in such scenarios should not appear. If the warning still arises, the company advises not to continue the connection and contact the IT service.
For administrators, Microsoft has left a temporary way to return the previous dialog through the registry, but warns that future Windows updates can remove this feature. In fact, the company makes it clear that the new verification scheme will become permanent, and RDP files will cease to be an invisible tool for remote access.
Microsoft changes the rules for working with RDP files in Windows: after the April update of 2026, users will see new warnings before connecting to a remote computer. The reason is serious: the usual file for remote access is increasingly becoming a convenient bait in phishing attacks and can open the way for attackers to the data, accounting data and devices of the victim.
The changes affected Remote Desktop Connection in Windows 10, Windows 11, and server versions of Windows Server since Windows Server 2012. After installing the update at the first start of the RDP file, the system will show the training window with the risk explaining. Then, before each connection, a separate security dialog will be opened through such a file before the start of the session.
In the new Windows window shows the address of the remote computer and separately transfers the local resources to which access is requested. All such permissions are now disabled by default, and you will have to turn them on manually. We are talking about a buffer for exchanging, disks, camera, microphone, printers, smart cards, Windows Hello, WebAuthn and other devices that can be redirected to a remote session.
Microsoft explicitly points out that the main threat is related to emails, where the RDP file is disguised as a legitimate investment. After opening, the file can unnoticed connect the computer to the attacker server and transfer access to local data.
The most dangerous company calls the redirection of disks, buffer of exchange, autistics, cameras and microphones. Through such channels, the attacker is able to read files, intercept passwords, eavesdrop on conversations, observe the environment and use the accounts for further penetration.
Separately, Microsoft shared the scripts with signed and unsigned files. If there is no digital signature, the system marks the connection as unknown and shows a warning about an untested publisher. If there is a signature, the publisher will appear in the window, but the company emphasizes: the signature confirms the source of the file and the absence of changes after signing, but does not make the connection automatically safe. Attackers can use names similar to the names of well-known organizations.
The changes do not apply to connections that the user manually enters the computer address directly into the Remote Desktop Connection. For Azure Virtual Desktop and Windows 365, as Microsoft explains, RDP files are usually already signed, so a new window in such scenarios should not appear. If the warning still arises, the company advises not to continue the connection and contact the IT service.
For administrators, Microsoft has left a temporary way to return the previous dialog through the registry, but warns that future Windows updates can remove this feature. In fact, the company makes it clear that the new verification scheme will become permanent, and RDP files will cease to be an invisible tool for remote access.
