Microsoft adds Windows protections for malicious Remote Desktop files
Summary
Microsoft has implemented new security measures in Windows to combat phishing attacks that leverage malicious Remote Desktop connection (.rdp) files. These protections include displaying warnings to users and disabling risky shared resources by default, aiming to prevent unauthorized access through compromised RDP files.
IFF Assessment
This is good news for defenders as Microsoft is actively improving defenses against a known attack vector used in phishing campaigns.
Defender Context
Defenders should be aware of the evolving threats associated with RDP files and educate users about the potential risks. This update from Microsoft demonstrates a proactive approach to securing remote access, highlighting the ongoing cat-and-mouse game between attackers and defenders in this space.