{"id":235183,"date":"2026-04-14T22:19:37","date_gmt":"2026-04-15T03:19:37","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2026\/04\/microsoft-adds-windows-protections-for-malicious-remote-desktop-files"},"modified":"2026-04-14T22:19:37","modified_gmt":"2026-04-15T03:19:37","slug":"microsoft-adds-windows-protections-for-malicious-remote-desktop-files","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2026\/04\/microsoft-adds-windows-protections-for-malicious-remote-desktop-files","title":{"rendered":"Microsoft adds Windows protections for malicious Remote Desktop files"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/microsoft-adds-windows-protections-for-malicious-remote-desktop-files2.jpg\"><\/a><\/p>\n<p>Microsoft has introduced new Windows protections to defend against phishing attacks that abuse Remote Desktop connection (.rdp) files, adding warnings and disabling risky shared resources by default.<\/p>\n<p>RDP files are commonly used in enterprise environments to connect to remote systems because admins can preconfigure them to automatically redirect local resources to the remote host.<\/p>\n<p>Threat actors have increasingly abused this functionality in phishing campaigns. The Russian state-sponsored APT29 hacking group has <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/amazon-seizes-domains-used-in-rogue-remote-desktop-campaign-to-steal-data\/\" target=\"_blank\" rel=\"nofollow noopener\">previously used rogue RDP files<\/a> to remotely steal data and credentials from victims.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft has introduced new Windows protections to defend against phishing attacks that abuse Remote Desktop connection (.rdp) files, adding warnings and disabling risky shared resources by default. RDP files are commonly used in enterprise environments to connect to remote systems because admins can preconfigure them to automatically redirect local resources to the remote host. Threat [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-235183","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/235183","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=235183"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/235183\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=235183"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=235183"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=235183"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}