Microsoft Fixes Windows Remote Desktop Security Warning Display Issue
Microsoft has resolved a long‑standing rendering bug that caused newly added Remote Desktop Protocol (RDP) file security warnings to appear malformed on Windows 10 (versions 20H2, 21H1, 21H2) and Windows 11 (version 22H2). The issue, reported by security researcher Alex Bleech through the Microsoft Security Response Center (MSRC) bug‑bounty program, manifested as truncated text, missing icons, and absent checkboxes such as ‘Don’t warn me again’. As a result, users could inadvertently dismiss or ignore the safety prompts that are designed to warn them about untrusted .rdp files.
The fix arrived in the March 2024 cumulative updates: KB5025657 for Windows 10 and KB5025660 for Windows 11. These patches modify the RDP UI handling modules tsuserex.dll and rdpcore_mr.dll, correcting the way certificate chain information and SmartScreen reputation data are displayed in the ‘Do you trust this RDP file?’ dialog. The updates also restore the proper layout of the ‘I understand the risks’ checkbox and the ‘Publisher’ field, aligning the warnings with Microsoft’s UI guidelines for code‑signing verification.
The underlying flaw stemmed from an incorrect handling of the RDP file’s XML metadata within the Windows Shell integration layer, causing the UI framework to misplace controls when the system locale used a right‑to‑left language setting. By adjusting the layout engine’s fallback logic, the patches ensure that the warnings render correctly regardless of locale, and that the ‘Always warn’ flag persists across sessions.
Organizations are urged to deploy the March 2024 updates as soon as possible to mitigate the risk of social‑engineering attacks that rely on malicious .rdp files. Until the patches are applied, users should avoid opening untrusted RDP files and should verify the publisher certificate manually before proceeding.
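As an added check that is not part of the article or of Microsoft's own tooling, the following PowerShell function reports whether the cumulative update the article names for this host's Windows release is installed. The only values it takes from the article are the two KB numbers; the build numbers for Windows 10 20H2/21H1/21H2 and Windows 11 22H2 are the publicly documented ones, and the function name is an assumption.

```powershell
# Added example, not from the article or Microsoft: check whether the
# March 2024 cumulative update named in the article is present on this host.
# KB numbers come from the article; build numbers are the documented ones
# for Windows 10 20H2/21H1/21H2 (19042-19044) and Windows 11 22H2 (22621).
function Test-RdpWarningFix {
    $build = [int](Get-CimInstance Win32_OperatingSystem).BuildNumber

    # Map the running build to the KB the article says carries the fix.
    $expected = switch ($build) {
        { $_ -in 19042, 19043, 19044 } { 'KB5025657'; break }   # Windows 10
        22621                          { 'KB5025660'; break }   # Windows 11 22H2
        default                        { $null }
    }

    if (-not $expected) {
        return [pscustomobject]@{
            Build      = $build
            ExpectedKB = 'n/a'
            Installed  = $false
            Note       = 'Build not covered by the article; no KB to check'
        }
    }

    # Get-HotFix queries Win32_QuickFixEngineering for the installed update list.
    $hotfix = Get-HotFix -Id $expected -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Build      = $build
        ExpectedKB = $expected
        Installed  = [bool]$hotfix
        Note       = if ($hotfix) { "Installed on $($hotfix.InstalledOn)" }
                     else { 'Missing: deploy the March 2024 cumulative update' }
    }
}

Test-RdpWarningFix
```

A later cumulative update supersedes these KBs, so a host patched after March 2024 can report Installed=False here even though the fix is present; in that case compare the OS build revision against the current update baseline instead of relying on the KB list.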