Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Windows Security Popup (CredentialUIBroker.exe)

Go to answer
Dan.Lister
Level 5

‎21-01-26 12:24 PM

We have recently been impacted by the latest Windows Update (KB5074109). We run processes for clients and internally that launch RemoteApps through various means, Remote Desktop Connection Center / Saved .RDP files which causes the Windows Security popup to appear (CredentialUIBroker.exe).

DanLister_0-1768998014592.png

We've always attached to this process and entered creds and then built the system that launches using Surface Automation. This has run perfectly for years. After this update we can no longer interact with CredentialUIBroker.exe or the Windows Security window. Copilot is now telling us the following:- 

The Windows Security prompt is now fully non-automatable
As of January 13, 2026 Patch Tuesday, Microsoft hardened:

Winlogon
Credential UI
Secure Desktop rendering over RDP
These prompts now:

Run on Secure Desktop
Are isolated in Session 0
Block UI Automation, Win32 hooks, accessibility tools
Explicitly prevent programmatic interaction
This is intentional and security-driven, following exploitation of Desktop Window Manager (DWM) vulnerabilities patched in January 2026

We've tried pre-saving credentials using cmdkey, but aren't having any luck with this as yet. For one of our apps we download a digitally signed .rdp and within that file it is set to always prompt from credentials so we can't stop it doing it.

Has anyone found the same issue/found a workaround?

1 BEST ANSWER

Helpful Answers

Go to answer
Michael_S
Community Team
Community Team

‎23-01-26 04:44 PM

Hi all, 

We have some suggested workarounds for you provided in this article:

https://support.blueprism.com/en/support/solutions/articles/7000096893 

We'll continue to update that link with any new information that comes to light, and please feel free to continue to discuss, feedback and share tips here.

View answer in original post

17 REPLIES 17

Go to answer
naveed_raza
Level 9

‎21-01-26 01:46 PM

This has to handle and fix by your infrastructure/ RPA COE team by doing image or patch update via policy. We already done this 

0 Likes

Go to answer
Dan.Lister
Level 5

‎21-01-26 03:16 PM

Hi, 

Can you explain further what you mean?

0 Likes

Go to answer
steven.boggs
Staff
Staff

‎22-01-26 02:59 PM

Hi Dan,

We'd always recommend to apply O/S-level updates in a lower environment first to test their impact on existing automations before allowing the updates to be applied in Production environments.

Microsoft has released a few Windows updates recently that contain changes to comply with certain EU regulations, including credential pop-ups like the one you describe. It may be the case that with this Windows Update package, the credentials pop-up you were previously able to spy and interact with has been changed (i.e. from an application layer to the system layer), and may require a new Object to be created to interact with it. For example, if the window was previously able to be spied/interacted with from an Object that was interacting with the target application from which the pop-up originated, Windows may have moved that from the application to the system, and you'd need to account for this change in your Process design.

To restore functionality until this change can be accounted for, you could roll back the MSFT KB update in Production after determining which one affected this change, but keep it applied in your Development/Testing environment to create a new Object to interact with the new/changed pop-up window.

Go to answer
Dan.Lister
Level 5
In response to steven.boggs

‎22-01-26 03:22 PM

Thanks Steven, 

We've rolled back for now. 

The window we attached to was always in its own object. We connected to CredentialUIBroker.exe and a window title of Windows Security, but it seems we can no longer attach to that process. I can see it is still running as that process and window title, but we now can't attach and get the message "Could not open target process". If we run the Blue Prism app as admin, it will then attach. 

0 Likes

Go to answer
naveed_raza
Level 9
In response to Dan.Lister

‎22-01-26 08:29 PM

i will check here with my RPA COE team what fix they have done and will share here

0 Likes

Go to answer
Carol.Ouellet
Level 6

‎22-01-26 10:29 PM

We have noticed the same issue happening in ou non-prod environment this week.

I find it strange that we don't appear to be many groups with this issue.

Since the window cannot be automated, I'd like to hear from Blue Prism.

 

0 Likes

Go to answer
Dan.Lister
Level 5
In response to Carol.Ouellet

‎23-01-26 09:23 AM

Yes we've logged with Blue Prism and are still waiting to have a call with them, but so far we have no solution. I expected there to be a lot more people affected, but I can only see it mentioned on UiPath forums. It's the first time i've come across something that I can't seem to find a workaround for other than running as admin.

0 Likes

Go to answer
naveed_raza
Level 9
In response to Dan.Lister

‎23-01-26 10:36 AM - edited ‎23-01-26 10:37 AM

i checked with our RPA COE Team, what they said is , deleting credentials from machines clears it.

they ran this below line of code in command prompt, which will clear all credentials and post that will not get that popup, 

rundll32.exe keymgr.dll, KRShowKeyMgr

you can check with your IT team regarding this and try the luck.

0 Likes

Go to answer
Dan.Lister
Level 5

‎23-01-26 01:55 PM

Blue Prism have responded and are testing suggested workarounds from Microsoft.

0 Likes