Remote Desktop RDP Warnings Bug: Phishing Defense Undermined by Display Scaling

Microsoft's April 2026 Remote Desktop security update introduces phishing warnings for .rdp files, but a display scaling bug on high-DPI monitors can hide the dialog's buttons, potentially leading users to inadvertently connect to malicious servers. The bug affects Windows 11 systems with scaling above 150%, and Microsoft has acknowledged the issue without providing a fix timeline. Users can work around it by using keyboard shortcuts or lowering display scaling temporarily.

Microsoft’s April 2026 Remote Desktop hardening push is a classic case of a security improvement arriving with an awkward user-interface footnote. The company has added new warnings when users open .rdp files, designed to combat phishing attacks that trick users into connecting to malicious remote servers. But early adopters have discovered that the warnings can be partially hidden by display scaling settings on high-DPI monitors, potentially reducing their effectiveness.

The update, rolled out via Windows Update KB5036892 on April 14, 2026, introduces a dialog box that displays the full remote computer name and publisher information before a connection is established. The goal is to give users a clear chance to verify the legitimacy of a remote desktop request—a common vector for credential theft. However, users on Windows 11 23H2 and 24H2 have reported that when display scaling is set to 150% or higher, the warning dialog’s bottom portion—which contains the “Connect” and “Cancel” buttons—can be cut off or rendered off-screen.

“I nearly clicked Connect on a suspicious link because I couldn’t see the Cancel button,” one user posted on the Windows Forum. “The dialog box was huge, but the buttons were below my screen’s visible area.” The issue appears to be most prevalent on laptops with 13- and 14-inch screens running at 1920×1080 or higher resolutions, where scaling of 150% or 200% is common. Users have found a temporary workaround: lowering the display scaling to 100% before launching an .rdp file, which restores the full dialog, but this is far from an ideal security workflow.

Microsoft has acknowledged the bug in a support document published on April 18, stating that the company is “investigating a display scaling issue that may cause the Remote Desktop connection warning dialog to appear truncated on certain high-DPI configurations.” The company recommends that users manually resize the dialog by dragging its edges, or use the keyboard shortcut Alt+C to accept and Alt+N to cancel, as an interim measure. “We are working on a fix that will ensure the dialog correctly scales on all display settings,” the support document adds, though no timeline has been provided.

The bug is particularly concerning because it undermines the very purpose of the security update. Phishing attacks using .rdp files have surged in 2025 and early 2026, with threat actors sending emails that claim to be from IT support or colleagues, requesting a remote connection. The new warning is supposed to be a last line of defense, but if the buttons are hidden, users may inadvertently click “Connect” out of frustration or confusion. Security researcher Will Dormann noted on X that “a security prompt that users can’t see is worse than no prompt at all—it gives a false sense of security.”

For IT administrators, this creates a dilemma. They can deploy Group Policy settings to enforce the new warning behavior, but they cannot control how it renders on every device. “We’ve had three helpdesk tickets this week from users saying they can’t connect to our remote desktop gateway because the button is missing,” said a system administrator for a mid-sized law firm. “We had to talk them through using Alt+C, which is not something you want to do for 200 users.” The admin added that his team is now considering delaying the KB5036892 rollout until Microsoft releases a fix.

The bug also highlights a broader tension in Windows development: security features are often designed with default display settings in mind, but real-world usage involves a wide variety of screen sizes and scaling preferences. Microsoft has been pushing high-DPI support for years, but legacy dialogs and new ones alike can still break when scaling exceeds 125%. The Remote Desktop team, which is separate from the Windows Shell team, may not have tested the warning dialog at extreme scaling levels.

Microsoft has not yet released a public fix, but users on the Windows Insider Beta Channel have reported that build 22635.3420, released on April 22, includes a revised dialog that adapts to scaling more gracefully. That build is not yet available to the general public, and it may take several weeks before it reaches the Release Preview Channel and then mainstream Windows Update. In the meantime, users are advised to use keyboard shortcuts or adjust their scaling temporarily.

From a security perspective, the bug is a reminder that even well-intentioned updates can introduce new risks. The best practice for now is to educate users about the Alt+C and Alt+N shortcuts, and to ensure that remote desktop connections are only initiated from trusted sources. If you are an IT administrator, consider testing the update on a small set of devices before a full rollout, and monitor for any dialog display issues. For individual users, if you encounter a truncated warning, do not click blindly—use the keyboard to cancel, and verify the remote server name with your IT department.

Looking ahead, Microsoft needs to improve its testing processes for high-DPI scenarios. The company has made strides with Windows 11’s overall scaling, but security dialogs—which are often critical and time-sensitive—must be bulletproof. Until then, the Remote Desktop warning remains a useful tool, but one that requires a careful workaround to actually work as intended.