Full Report
Ailing scaling blamed by Windows-maker for unreadable missives

Microsoft's update to harden Remote Desktop against phishing attacks has arrived. When users open a Remote Desktop (.rdp) file, they should now see a warning listing all requested connection settings - or they would if it were displaying correctly.…
Analysis Summary
# Vulnerability: .NET Elevation of Privilege via Authentication Cookie Forgery
## CVE Details
- **CVE ID:** CVE-2026-40372
- **CVSS Score:** Not explicitly listed (Categorized as "Severe" elevation of privilege)
- **CWE:** CWE-287 (Improper Authentication) / CWE-290 (Authentication Bypass by Spoofing)
## Affected Systems
- **Products:** Microsoft .NET
- **Versions:** .NET 10.0.0 through 10.0.6
- **Configurations:** Systems running applications that rely on .NET authentication cookies.
## Vulnerability Description
A serious elevation-of-privilege vulnerability exists in .NET 10.0 caused by the improper validation of authentication tokens. An attacker can exploit this flaw by forging authentication cookies. Successful exploitation allows an attacker to bypass security boundaries and gain elevated privileges on the target system or application. This flaw was discovered following the release of the April Patch Tuesday updates for .NET 10.0.6.
## Exploitation
- **Status:** Identified/Reported (Triggered an Out-of-Band security update)
- **Complexity:** Not specified (Likely Medium)
- **Attack Vector:** Network / Web
## Impact
- **Confidentiality:** High (Access to restricted data via elevated privileges)
- **Integrity:** High (Ability to modify data or system states)
- **Availability:** Medium (Potential for unauthorized configuration changes)
## Remediation
### Patches
- **.NET 10.0.7:** An Out-of-Band (OOB) security update has been released to address this vulnerability. Users should update from 10.0.6 to 10.0.7 immediately.
### Workarounds
- No specific workarounds are provided for the .NET vulnerability; immediate patching is the recommended course of action.
---
# Vulnerability: Remote Desktop (RDP) Security Warning UI Failure
## CVE Details
- **CVE ID:** N/A (Functional bug impacting a security feature)
- **CVSS Score:** N/A
- **CWE:** CWE-601 (Credential Exposure / Phishing) - Secondary impact
## Affected Systems
- **Products:** Windows 11, Windows 10
- **Versions:** Windows 11 26H1 and other versions receiving the April 14, 2026, update (KB5083769 / Build 26200.8246 and 26100.8246).
- **Configurations:** Multi-monitor setups using different display scaling settings (e.g., 100% on one, 125% on another).
## Vulnerability Description
This is a regression/bug in a security hardening feature designed to prevent RDP-based phishing. The intended feature displays a warning listing all connection settings in an `.rdp` file before a connection is established. However, due to a display scaling error, the warning message may render incorrectly (overlapping text or hidden buttons). This prevents users from reviewing security settings or interacting with the prompt, effectively neutralizing the security benefit of the hardening measure.
## Exploitation
- **Status:** Not exploited (Bug interferes with security visibility)
- **Complexity:** N/A
- **Attack Vector:** Local (Social Engineering/Phishing via `.rdp` files)
## Impact
- **Confidentiality:** Medium (Users may inadvertently connect to malicious servers)
- **Integrity:** Low
- **Availability:** Low (UI elements may be unclickable)
## Remediation
### Patches
- Microsoft has acknowledged the issue and plans to address it in a "future Windows update." No specific patch is currently available for the UI bug.
### Workarounds
- **Uniform Scaling:** Set all monitors to the same display scaling percentage.
- **Keyboard Navigation:** Use the **Tab** key to cycle through hidden buttons and the **Spacebar** to select/confirm settings if they are not visible or clickable via mouse.
## Detection
- **Indicators:** Visual distortion (overlapping text or hidden buttons) when opening `.rdp` files. This indicates an affected build and scaling configuration, not a compromise.
- **Detection methods and tools:** Manual verification of Windows Build numbers (26200.8246 / 26100.8246) and display scaling configurations.
## References
- Microsoft KB5083769: hxxps[:]//support[.]microsoft[.]com/en-gb/topic/april-14-2026-kb5083769-os-builds-26200-8246-and-26100-8246-22f90ae5-9f26-40ac-9134-6a586a71163b
- .NET Security Announcement: hxxps[:]//github[.]com/dotnet/announcements/issues/395
- .NET 10.0.7 OOB Update: hxxps[:]//devblogs[.]microsoft[.]com/dotnet/dotnet-10-0-7-oob-security-update/