Microsoft has officially acknowledged a known issue in its April 2026 Windows 11 cumulative update: Remote Desktop Protocol (RDP) security warning dialogs may render incorrectly on certain system configurations, a significant usability concern given that the warnings are designed to protect users from active phishing threats.
The bug was introduced alongside the April 14, 2026, Patch Tuesday security update, specifically KB5083769 for Windows 11 versions 25H2 and 24H2, and KB5083768 for Windows 11 version 26H1.
These updates introduced new RDP security warnings as part of Microsoft’s broader effort to combat CVE-2026-26151, a Remote Desktop spoofing vulnerability that had been actively exploited in the wild.
The intent was to display a clear, detailed warning dialog before any RDP connection is made, showing publisher verification status, the remote computer’s address, and available local resource access options.
However, users quickly began reporting rendering failures with the new dialog, prompting Microsoft to add it as a formal known issue on April 23, 2026, before issuing a correction to the documentation on April 27, 2026.
Remote Desktop Warnings Incorrect
According to Microsoft’s support documentation, the issue specifically manifests on multi-monitor systems with different display scaling settings.
For example, if one monitor is set to 100% scaling and a second to 125%, the RDP warning window may render with overlapping text or partially hidden buttons, making the critical security prompt difficult or impossible to read and interact with.
This is particularly problematic because the warning dialog is precisely the trust checkpoint users must review before allowing a remote machine access to local resources such as clipboards, smart cards, printers, and cameras.
The underlying RDP warnings were introduced to counter weaponized .rdp file-based phishing campaigns, where threat actors distribute malicious RDP configuration files to silently hijack credentials or redirect sensitive local resources.
The April 2026 updates also made local resource redirection disabled by default for pre-configured RDP files, requiring explicit user acknowledgment on each connection.
Microsoft has indicated a permanent fix will be delivered in a future cumulative update, and enterprise administrators are advised to monitor mixed-DPI workstations closely in the interim.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
