RDP File Signing: What Has Changed After the April 2026 Updates

In mid-April 2026, Microsoft published information about vulnerability CVE-2026-26151. Windows was not warning the user clearly enough when they opened a potentially dangerous RDP connection or RDP file. As a result, the user could mistake a malicious connection for a legitimate one.

An update has now been released that has become more noticeable and additionally notifies the user that a connection is being made to a remote computer. Whereas previously resource redirections were enabled by default when connecting, now the Redirections checkboxes are disabled by default and cannot be enabled in bulk.

It should be noted separately that if an RDP file is not signed, an additional warning "Caution: Unknown remote connection" is displayed and the value in the "Publisher" field is "Unknown publisher". But even if a file has a valid signature, the system now draws the user's attention with a banner reading "Verify the publisher of this remote connection".

Microsoft recommends signing RDP files using the rdpsign utility. However, this utility does not support working via PKCS#11 providers and has no option to specify a timestamp server. For now, signing can only be done with code signing certificates whose private key is located directly within the server's trust store.