Microsoft resolves phishing issue in Windows 11 update
The issue had been increasingly exploited in targeted attacks

Apr 16, 2026
12:47 pm

What's the story

Microsoft has released its April 2026 security update for Windows 11, patching a Remote Desktop phishing vulnerability. The issue had been increasingly exploited in targeted attacks. The update is applicable to versions 26H1, 25H2, 24H2, and 23H2 of the operating system and comes with both security patches and system enhancements.

Exploitation details

Update addresses critical RDP vulnerability

The security update primarily targets a vulnerability related to Remote Desktop Protocol (.rdp) files. These files are often used for remote access in enterprise settings but have been exploited by cybercriminals to deceive users into connecting with malicious systems. The latest release from Microsoft includes protective measures that modify the behavior of these files when opened, thereby mitigating the risk of such attacks.

Attack mechanism

Vulnerability could lead to unauthorized remote access

The phishing vulnerability allowed cybercriminals to spread malicious .rdp files through phishing emails or downloads. When opened, these files could connect to attacker-controlled systems without clearly informing users. In some cases, sensitive features like clipboard access or local file sharing could also be enabled, increasing the risk of data exposure.
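An added example (not code from Microsoft or from this article): a Python triage check that parses an .rdp file and reports the conditions described above, namely a target the organisation does not recognise and explicitly enabled clipboard or local resource sharing. The setting names are standard .rdp properties; the allowlist, host names and sample file are constructed for illustration.

```python
# Redirections to flag when explicitly enabled (standard .rdp property names).
RISKY = {
    "redirectclipboard": "clipboard shared with remote host",
    "drivestoredirect": "local drives shared with remote host",
    "devicestoredirect": "local devices shared with remote host",
    "redirectprinters": "printers shared with remote host",
    "redirectsmartcards": "smart cards shared with remote host",
}

# Constructed sample resembling a phishing attachment (hosts are placeholders).
SAMPLE = """full address:s:rdp.untrusted.example:3389
redirectclipboard:i:1
drivestoredirect:s:*
redirectprinters:i:0
"""

def parse_rdp(text):
    """Return {name: value} from 'name:type:value' lines (type is i, s or b)."""
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3 and parts[1] in ("i", "s", "b"):
            settings[parts[0].strip().lower()] = parts[2].strip()
    return settings

def audit_rdp(text, allowed_hosts):
    """List reasons this .rdp file should not be opened without review."""
    s = parse_rdp(text)
    findings = []
    host = s.get("full address", "")
    # Drop an optional ':port' suffix before comparing with the allowlist.
    name = host.rsplit(":", 1)[0] if host.count(":") == 1 else host
    if name.lower() not in allowed_hosts:
        findings.append(f"target not on allowlist: {host or '<none>'}")
    if not s.get("signature"):
        findings.append("file is unsigned")
    for key, why in RISKY.items():
        # Only settings the file turns on itself are reported here.
        if s.get(key, "") not in ("", "0"):
            findings.append(f"{key}: {why}")
    return findings

if __name__ == "__main__":
    for finding in audit_rdp(SAMPLE, {"rds.corp.example"}):
        print(finding)
```

Files saved by the Remote Desktop client are often UTF-16 encoded, so decode the attachment bytes accordingly before passing the text to `audit_rdp`.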

Update features

Update introduces new warning messages and connection settings

The April 2026 update brings several changes aimed at improving transparency and control. Users now have to review connection settings before an .rdp file connects, with these settings disabled by default to prevent automatic access to local resources. A one-time warning message is displayed the first time an .rdp file is opened, alerting users about potential risks.

Interface improvements

Other system-level issues also addressed in the update

The connection interface now provides clearer information about the remote system, enabling users to verify the source before proceeding. These changes are aimed at preventing silent connections and reducing the chances of users unknowingly granting access to their systems. Beyond Remote Desktop protections, the update also addresses several system-level issues such as unexpected BitLocker recovery after Secure Boot updates and incorrect "No Internet" errors when accessing Microsoft services.
