Microsoft Confirms Incorrect Remote Desktop Warnings Post April 2
Microsoft has confirmed a known issue affecting its April 2026 Windows 11 cumulative update. Remote Desktop Protocol (RDP) security warning dialogs may render incorrectly on certain system configurations. This presents a significant usability concern, especially as these warnings are crucial for protecting users against active phishing threats.
The bug was introduced alongside the April 14, 2026, Patch Tuesday security update, specifically KB5083769 for Windows 11 versions 25H2 and 24H2, and KB5083768 for Windows 11 version 26H1.
These updates introduced new RDP security warnings as part of Microsoft’s broader effort to combat CVE-2026-26151, a Remote Desktop spoofing vulnerability that had been actively exploited in the wild.
The intent was to display a clear, detailed warning dialog before any RDP connection is made, showing publisher verification status, the remote computer’s address, and available local resource access options.
However, users quickly began reporting rendering failures with the new dialog, prompting Microsoft to add it as a formal known issue on April 23, 2026, before issuing a correction to the documentation on April 27, 2026.
Remote Desktop Warnings Incorrect
According to Microsoft’s support documentation, the issue specifically manifests on multi-monitor systems with different display scaling settings.
For example, if one monitor is set to 100% scaling and a second to 125%, the RDP warning window may render with overlapping text or partially hidden buttons, making the critical security prompt difficult or impossible to read and interact with.

This is particularly problematic because the warning dialog is precisely the trust checkpoint users must review before allowing a remote machine access to local resources such as clipboards, smart cards, printers, and cameras.
The underlying RDP warnings were introduced to counter weaponized .rdp file-based phishing campaigns, where threat actors distribute malicious RDP configuration files to silently hijack credentials or redirect sensitive local resources.
The April 2026 updates also disabled local resource redirection by default for pre-configured RDP files, requiring explicit user acknowledgment on each connection.
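While the dialog is hard to read on mixed-DPI systems, the same information can be extracted from an .rdp file before it is opened. The following Python triage helper is an added example, not code from Microsoft or the original article: it lists which local resources a file explicitly requests and whether it carries a signature property. The property names are standard RDP file settings; the sample file content and host name are constructed.

```python
import codecs

# Settings that pass a local resource to the remote host.
INT_FLAGS = {   # requested when the integer value is non-zero
    "redirectclipboard": "clipboard",
    "redirectsmartcards": "smart cards",
    "redirectprinters": "printers",
    "redirectcomports": "COM ports",
    "audiocapturemode": "microphone",
}
STR_LISTS = {   # requested when the string value is non-empty
    "drivestoredirect": "drives",
    "camerastoredirect": "cameras",
    "devicestoredirect": "PnP devices",
}

def decode_rdp(raw: bytes) -> str:
    """mstsc saves .rdp files as UTF-16 with a BOM; hand-made ones are often UTF-8."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")

def parse_rdp(raw: bytes) -> dict:
    """Parse 'name:type:value' lines; the value may itself contain colons."""
    settings = {}
    for line in decode_rdp(raw).splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3 and parts[1] in ("i", "s", "b"):
            settings[parts[0].strip().lower()] = parts[2].strip()
    return settings

def triage(raw: bytes) -> dict:
    """Report explicit settings only: client defaults for absent keys are not
    modelled, and 'signed' means a signature property exists, not that it verifies."""
    s = parse_rdp(raw)
    redirected = [label for key, label in INT_FLAGS.items()
                  if s.get(key, "0") not in ("", "0")]
    redirected += [label for key, label in STR_LISTS.items() if s.get(key)]
    return {
        "target": s.get("full address", ""),
        "signed": bool(s.get("signature")),
        "redirected": sorted(redirected),
    }

# Constructed sample: unsigned file requesting clipboard, drives and cameras.
SAMPLE = ("full address:s:rdp.example.test:3389\r\n"
          "redirectclipboard:i:1\r\nredirectprinters:i:0\r\n"
          "drivestoredirect:s:*\r\ncamerastoredirect:s:*\r\n").encode("utf-16")
if __name__ == "__main__":
    print(triage(SAMPLE))
```

An unsigned file that requests several resources and arrived by email or download is the combination worth escalating for review.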
Microsoft has indicated a permanent fix will be delivered in a future cumulative update, and enterprise administrators are advised to monitor mixed-DPI workstations closely in the interim.