🔒 Secure Bits 💡
𝗡𝗲𝘄 𝗥𝗗𝗣 𝗱𝗶𝗮𝗹𝗼𝗴𝘀 — 𝗵𝗮𝘃𝗲 𝘆𝗼𝘂 𝘀𝗲𝗲𝗻 𝘁𝗵𝗲𝗺?
With the 𝗔𝗽𝗿𝗶𝗹 𝟮𝟬𝟮𝟲 security update, the Remote Desktop Connection app (MSTSC) shows new warnings when you open .𝗥𝗗𝗣 𝗳𝗶𝗹𝗲𝘀. The point is simple: remind people that RDP files can be used for phishing / tricking users, and force you to explicitly approve what the file is trying to do.
𝗪𝗵𝗮𝘁 𝗰𝗵𝗮𝗻𝗴𝗲𝗱?
1️⃣ First-time “education” dialog (one-time per user)
The first time you open an RDP file after the update, you’ll see an informational dialog explaining what RDP files are and the risks.
Once you allow RDP file connections, it won’t show again for your account.
2️⃣ New security dialog (every time you open an RDP file)
Before any connection is made, you’ll now get a dialog that shows:
▪️ the remote computer address, and
▪️ a checkbox for each local resource the RDP file wants to access (drives/clipboard/devices/etc.)
Important detail: everything is 𝗢𝗙𝗙 𝗯𝘆 𝗱𝗲𝗳𝗮𝘂𝗹𝘁 — you must explicitly enable each resource.
𝗨𝗻𝘀𝗶𝗴𝗻𝗲𝗱 / 𝘂𝗻𝘃𝗲𝗿𝗶𝗳𝗶𝗲𝗱 𝗽𝘂𝗯𝗹𝗶𝘀𝗵𝗲𝗿 = 𝗲𝘅𝘁𝗿𝗮 𝗰𝗮𝘂𝘁𝗶𝗼𝗻
If the RDP file isn’t digitally signed (or can’t be verified), the dialog warns you with something like “Caution: Unknown remote connection” and the publisher shows as Unknown. That’s the exact scenario where tampering/phishing risk is highest.
Yes, there are ways to reduce/revert these dialogs — but honestly, I don’t see the point.
