Microsoft beefs up Remote Desktop security with ... hard-to-read messages

Ailing scaling blamed by Windows-maker for unreadable missives
Microsoft's update to harden Remote Desktop against phishing attacks has arrived.

When users open a Remote Desktop (.rdp) file, they should now see a warning listing all requested connection settings - or they would if it was displaying correctly.

It isn't.

At least not for everyone.

Contain your Windows apps inside Linux Windows
The bug was added to the Known Issues list for the April 14 update and, while it appears relatively cosmetic, affected users won't gain the benefit of the security warning.

According to Microsoft, "the warning message that appears when opening Remote Desktop (RDP) files might not display correctly in some cases."
In this instance, "might not display correctly" could mean overlapping text or partially hidden buttons, which makes the message difficult to understand and, if the buttons are hidden, tricky to interact with.

It sounds suspiciously like the message box isn't respecting the display scaling on the current monitor.

Microsoft admitted as much by warning, "This issue can occur when you use more than one monitor with different display scaling settings (for example, one display set to 100 percent and another set to 125 percent.)"
The solution?

Set the display scaling to the same on all monitors.

Alternatively, either invest in a pair of spectacles or accept a loss of screen real estate.

Those last two items did not come from Microsoft, but there's usually a good reason why users have different scaling settings on different monitors, and Windows allows this.

Alternatively, the buttons (if unclickable) can be interacted with using the tab key and spacebar.

Microsoft said it will "address this issue in a future Windows update."
While Microsoft is not planning another Out-of-Band update for the Remote Desktop bug, it did release another this week after a serious .NET security issue was identified following the Patch Tuesday .NET 10.0.6 update.

While looking into complaints about the 10.0.6 update, it found an elevation-of-privilege vulnerability and assigned it the CVE-2026-40372 .

The attack is made possible by forging authentication cookies.

Versions 10.0.0 through 10.0.6 of .NET are affected, and the vulnerability was severe enough to trigger the update.

The problem could affect all versions of Windows that received the update, even the newest Windows 11 26H1.

The Remote Desktop-specific part focused on phishing attacks and .rdp files.

The company wrote,
"When you open an .rdp file, Remote Desktop shows all requested connection settings before it connects, with each setting turned off by default.

A one-time security warning also appears the first time you open an .rdp file on a device."
Which is great, assuming that the user can read and interact with it.

®