Yet another RDP attack surfaces?
‘we have determined that this behavior does not meet the Microsoft Security Servicing Criteria for Windows .. As long as it is connected, the client will cache the credentials used for connecting and reuse them when it needs to auto-reconnect (so it can bypass NLA)."’ except it'll bypass the lock screen on remote sessions.
a. See locked RDP session.
b. Pull ethernet cable.
c. Reconect ethernet cable.
d. Get full access to session.
e. Not a security vulnerability.