Applies To
Windows Server 2025 Windows Server 2022 Windows Server 2019 Windows Server 2016 Windows 11 version 25H2, all editions Windows 11 version 24H2, all editions Windows 11 version 23H2, all editions Windows 10, version 22H2, all editions Windows 10, version 21H2, all editions Windows 10, version 1809, all editions Windows 10, version 1607, all editions

Original publish date: February 12, 2026

KB ID: 5080542

Introduction

After installing a Windows update released on or after January 13, 2026, certain applications might fail to autofill credentials during remote support sessions or automated authentication workflows. This behavior is part of new security hardening efforts to address the vulnerability described in CVE-2026-20824.

What new behavior should I expect?

Users and IT administrators might observe the following behavior while trying to connect to another device using screen sharing or a third-party remote or automation tool:

  • Applications attempting to autofill credentials into the Windows authentication dialog and sign-in interfaces might fail to do so.

  • Credential dialogs might not respond to virtual keyboard input from remote desktop or screen sharing tools or apps, such as Microsoft Teams or similar third-party apps.

  • Automatic or scripted authentication workflows might not proceed because the credentials interface no longer accepts input.

What caused this change of behavior?

This intentional change of behavior is designed to protect users against untrusted input injection (see the vulnerability in CVE-2026-20824 for details). Following the installation of a Windows update released on or after January 13, 2026, Windows authentication dialogs will only accept input from trusted local sources, such as physical keyboard input, trusted accessibility applications with UIAccess privilege, or applications running with elevated (administrator) integrity.

What should I expect going forward?

Windows credential interfaces will continue to be protected against input from remote or automated tools for security reasons. If credentials are entered from non-trusted contexts, two measures take place:

  • Remote keystroke injections, remote virtual keyboards, and automated credential submission from remote tools will continue to be restricted.

  • Authentication dialogs will ignore input (including virtual keyboard inputs).

What do I need to do because of this change of behavior?

Update applications to avoid keyboard entry into credential interfaces. Instead, authenticate through supported Windows authentication interfaces.

How can I temporarily change back to the previous behavior?

This change in behavior may be temporarily mitigated. Do so by enabling applications performing remote credential submission to run with elevated (administrator) privileges. This should allow the previous behavior until applications can be updated to account for the hardening changes driven by CVE-2026-20824.

Caution: Only revert back to the previous behavior in tightly controlled environments where the application handles trusted inputs, trusted data, and trusted endpoints. This mitigation should only remain temporary until the application is updated to avoid keyboard entry into credential interfaces and instead authenticate through supported Windows authentication interfaces.

Is there additional help for organizations and IT admins?

If your organization needs immediate help to manage this change and the guidance documented in this article is not viable for you, please contact Microsoft Support for business.

Facebook LinkedIn Email
SUBSCRIBE RSS FEEDS

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center