Microsoft Enhances RDP File Protections Amid Phishing Threats

Severity: High (Score: 78.5)

Sources: Itnews.Au, learn.microsoft.com, www.microsoft.com, Bleepingcomputer

Summary

Microsoft has introduced new security measures for Windows to combat phishing attacks that exploit Remote Desktop Protocol (.rdp) files. These updates, part of the April 2026 cumulative updates, aim to prevent unauthorized access to local resources when users open malicious RDP files. Threat actors, including the Russian state-sponsored group APT29 and another group known as Midnight Blizzard, have been using these files to steal sensitive information. The updates include educational prompts for users and security dialogs that warn about the risks of connecting to unverified remote systems. Microsoft rated the vulnerability associated with these attacks as a significant threat, with a score of 7.1 out of 10. The April 2026 patch also addressed two zero-day vulnerabilities, including CVE-2026-32201. Users are advised to keep the new protections enabled to mitigate risks effectively.

Key Points

  • Microsoft released new protections for RDP files to combat phishing attacks.
  • The updates include warnings and disabled resource sharing by default.
  • Threat actors like APT29 and Midnight Blizzard have exploited RDP files for data theft.

Key Entities

  • APT29 (apt_group)
  • Midnight Blizzard (apt_group)
  • Phishing (attack_type)
  • United Kingdom (country)
  • CVE-2026-32201 (cve)
  • Government (industry)
  • T1021 - Remote Services (mitre_attack)
  • T1112 - Modify Registry (mitre_attack)
  • T1566.001 - Spearphishing Attachment (mitre_attack)
  • T1566 - Phishing (mitre_attack)
  • SharePoint (platform)
  • Windows (platform)