Remote Desktop Protocol Archives

Winsage

February 16, 2026

Contain your Windows apps inside Linux Windows

WinApps and WinBoat are two solutions for running Windows applications on Linux. WinApps, developed since 2020 by Ben Curtis, allows users to run a genuine copy of Windows in a virtual machine (VM) and export individual applications to the Linux desktop using Microsoft's Remote Desktop Protocol (RDP). It supports various methods, including Docker, Podman, and KVM virtualization, with KVM offering extensive customization but requiring a more complex setup. WinBoat, a newer application at version 0.9.0, simplifies the user experience by automating much of the setup process and requires only Docker and FreeRDP to be installed. WinBoat is designed for ease of use, making it accessible for users less comfortable with technical configurations. Both tools allow users to run Windows software that may not work well under WINE, but running a full Windows OS in a VM involves licensing, maintenance, and resource considerations.

Winsage

January 30, 2026

Microsoft Adds Centralized RDP Shortpath Control via GPO and Intune

Microsoft has enhanced the management of Remote Desktop Protocol (RDP) Shortpath, now available through Group Policy Objects (GPO) and Microsoft Intune, allowing IT teams to implement centralized control over RDP Shortpath behavior across Azure Virtual Desktop (AVD) session hosts and Windows 365 Cloud PCs. RDP Shortpath improves performance and reliability by establishing a direct, UDP-based network connection, reducing latency and enhancing responsiveness for audio and video applications. Prior to this update, managing RDP Shortpath was fragmented, requiring manual adjustments on individual session hosts, which complicated consistent networking behavior. The new centralized configuration allows administrators to enforce Shortpath settings uniformly, reducing administrative overhead and ensuring consistent performance and security controls. Administrators can manage RDP Shortpath settings centrally, control all Shortpath modes, and ensure compatibility with AVD host pool settings. Effective operation of RDP Shortpath requires appropriate network conditions, and policy changes necessitate a restart of session hosts or Cloud PCs.

Winsage

December 12, 2025

Repurposing an ‘Obsolete’ Windows 10 Laptop into a Thin Client, Part 1 — Virtualization Review

42% of desktop systems were still operating on Windows 10 as of mid-October 2025, leaving millions of devices unsupported and vulnerable to security risks. Organizations are considering either investing in new Windows 11 devices or repurposing old PCs into thin clients. The RepurpOS thin-client operating system can revitalize aging hardware, such as the Dell E7440 laptop, which is available for around 0 on platforms like eBay. RepurpOS requires modest hardware specifications: an Intel or AMD x86 CPU, 2 GB of RAM, and 4 GB of persistent storage. It is offered through a subscription model that is more affordable than Microsoft’s Extended Security Updates for Windows 10. The installation process for RepurpOS is straightforward, and it supports various remote desktop protocols, including Citrix, Horizon, and AWS. Testing with Remote Desktop Protocol (RDP) shows that modern implementations provide fast and secure remote access with features like Adaptive Graphics and GPU-accelerated rendering.

Winsage

November 14, 2025

Be thankful: November’s Patch Tuesday has just one zero-day

The Readiness team analyzes updates monthly, providing testing guidance based on Microsoft patches. The November release includes updates for network infrastructure, remote connectivity, and wireless components, requiring careful testing despite no high-risk flags. Key areas for testing remote connections include validating packet transmission over IPv4 and IPv6, transferring large files over IPv6, testing web browsing and workflows with Microsoft Teams and Skype, and verifying Remote Desktop connections. The updates significantly impact application communication capabilities, necessitating dedicated validation for IPv6 alongside IPv4 operations.

Winsage

October 22, 2025

Microsoft Confirms Recent Updates Cause Login Issues on Windows 11 24H2, 25H2, and Windows Server 2025

Microsoft has identified an authentication issue affecting users of Windows 11 versions 24H2 and 25H2, as well as Windows Server 2025, due to updates rolled out since late August 2025. These updates have caused failures in Kerberos and NTLM protocols on devices with identical Security Identifiers (SIDs), leading to widespread login disruptions in enterprise networks. Users have reported repeated credential prompts, error messages, and compromised network access, including issues with Remote Desktop Protocol (RDP) sessions and Failover Clustering operations. Event Viewer logs indicate machine ID mismatches and potential session discrepancies. The problem is particularly severe in virtual desktop infrastructure (VDI) environments where multiple machines share SIDs. Microsoft has emphasized the importance of using the Sysprep tool to ensure unique SIDs during cloning, as the recent updates now strictly verify SIDs during authentication. IT administrators can temporarily alleviate the authentication blocks with a specialized Group Policy, but a permanent solution involves rebuilding devices using approved cloning procedures. As of October 21, 2025, no broader patch has been released.

Winsage

October 9, 2025

Tested: Why Remote Desktop Protocol (RDP) rejects Microsoft account logins

Some users are experiencing issues with Remote Desktop Protocol (RDP) rejecting Microsoft Account (MSA) credentials, displaying an error message about invalid credentials. This problem can arise from various technical factors, including: - Credential validation failures due to issues with Microsoft server interactions. - Problems with secure channel negotiation during the authentication process. - Time synchronization or DNS resolution issues affecting credential verification. - Misconfigured credential policies that block MSA logins over RDP. - Network-Level Authentication requirements that may hinder access if the MSA does not meet security standards like two-factor authentication. - Account restrictions or conditional access policies that impose specific compliance requirements. - Corruption of the user profile associated with the MSA. - Software conflicts or updates, particularly with recent Cumulative Updates or third-party security tools. To address MSA authentication failures, creating a local administrator account on the target machine can serve as a workaround for RDP access. Some users have noted that while most PCs function well with an MSA, certain systems require a local account for successful connections, particularly on Windows versions 24H2 and 25H2 within Insider Preview builds.

Winsage

September 24, 2025

Windows 11 KB5065790 23H2 released, direct download links (.msu)

Windows 11 KB5065790 is being rolled out for version 23H2, focusing on bug fixes and signaling the end of service for this version on November 11, 2025. This update does not introduce new features. Users can manually install the optional update via the settings app or use an offline installer file (.msu) if they encounter issues. The update resolves login issues for users with SIM-type authentication and disconnection problems during Remote Desktop Protocol (RDP) sessions. Additionally, an Out-of-band update for Windows 11 24H2 addresses urgent issues, excluding SMB protocol problems, and resolves issues affecting Microsoft Office applications in App-V environments, as well as bugs in Microsoft Edge and printer queue UI crashes. The SMB file sharing issue remains unresolved in the OOB update for 24H2.

Tech Optimizer

August 8, 2025

Cyberattackers Leverage Trusted Drivers to Disable Antivirus Software and Bypass Security Protocols

A cyberattack on a Brazilian enterprise involved the use of legitimate, digitally signed drivers to disable antivirus solutions and deploy MedusaLocker ransomware. The attackers executed a Bring Your Own Vulnerable Driver (BYOVD) attack by exploiting the ThrottleStop.sys driver, which has a critical vulnerability (CVE-2025-7771) allowing unauthorized memory access. They compromised an SMTP server using valid RDP credentials, extracted user credentials with Mimikatz, and moved laterally across the network. The attackers uploaded and executed an AV killer program and a renamed version of the driver, terminating antivirus processes to facilitate ransomware deployment. The malware targeted major antivirus vendors and employed kernel-level commands to eliminate security processes. Recommendations for defense include multi-factor authentication, hardening RDP access, and implementing layered security measures.

Winsage

July 24, 2025

ExpressVPN patches Windows bug that exposed remote desktop traffic

ExpressVPN has released a critical patch (version 12.101.0.45) for its Windows application to address a vulnerability that could expose remote desktop traffic, particularly for users utilizing Remote Desktop Protocol (RDP) or traffic routed through TCP port 3389. The vulnerability was reported by an independent researcher on April 25, and the patch was rolled out five days later. While the company indicated that the vulnerability was unlikely to have been exploited, it acknowledged the need for user protection and is implementing automated tests to prevent similar issues in the future.

Winsage

June 20, 2025

Microsoft boosts default security of Windows 365 Cloud PCs

Microsoft is enhancing its Windows 365 Cloud PCs with new security features starting in May 2025. All newly provisioned and reprovisioned Cloud PCs using a Windows 11 gallery image will have Virtualization-Based Security (VBS), Credential Guard, and Hypervisor-Protected Code Integrity (HVCI) enabled by default. VBS creates a secure environment to protect system processes, Credential Guard secures authentication credentials, and HVCI ensures only verified code runs at the kernel level. Additionally, beginning in the latter half of 2025, clipboard, drive, USB, and printer redirections will be disabled by default on newly provisioned and reprovisioned Cloud PCs to mitigate security risks, although IT administrators can re-enable these features if needed.