According to the news story, Microsoft said the behavior is "a design decision to ensure that at least one user account always has the ability to log in no matter how long a system has been offline." Microsoft also said the behavior does not meet the definition of a security vulnerability and that the company's engineers have no plans to change it.
Many Windows admins are not aware of cached credentials, said Johannes Ullrich, dean of research at the SANS Institute. "This feature makes it less likely that an administrator gets locked out of their own system. To prevent that, RDP will cache the last set of credentials used, in case the server is not able to connect back to the authentication server (which is often in the cloud). One can also change this, however."
To exploit this, Ullrich said, an attacker would first have to obtain the old credentials, and would have to use them before the administrator has used the new ones. "Securing RDP is an important task, and it is not easy even without this problem. Administrators should find ways to offer strong authentication and isolate the RDP endpoint as much as possible," he said.
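As an added example (not code from the article, from SANS, or from Microsoft), the following PowerShell audit checks the RDP-related settings an administrator would review in light of the advice above: whether RDP is enabled, whether Network Level Authentication is required, how many domain logons the host caches, whether the RDP firewall rules are scoped to a management network, and who has actually logged on over RDP recently. The registry paths, the Windows Firewall "Remote Desktop" rule group, and Security event 4624 with logon type 10 are standard Windows locations; the assumption that `CachedLogonsCount` is relevant to the Microsoft/Azure account behavior described in the article is mine, not the article's, since that value governs cached domain logons. Run it in an elevated PowerShell session on the host being reviewed.

```powershell
# Added example: audit RDP exposure and credential-caching settings on a Windows host.
# Not code from the article or from Microsoft. Requires an elevated session.

$findings = New-Object System.Collections.Generic.List[string]

# 1. Is RDP enabled at all? fDenyTSConnections = 0 means connections are allowed.
$ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
        -Name fDenyTSConnections -ErrorAction SilentlyContinue
if ($ts -and $ts.fDenyTSConnections -eq 0) {
    $findings.Add('RDP is enabled (fDenyTSConnections = 0); confirm the host really needs it.')
}

# 2. Network Level Authentication: UserAuthentication = 1 means NLA is required,
#    so the client must authenticate before a session is created.
$nla = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' `
        -Name UserAuthentication -ErrorAction SilentlyContinue
if (-not $nla -or [int]$nla.UserAuthentication -ne 1) {
    $findings.Add('NLA is not required (UserAuthentication != 1); set it to 1.')
}

# 3. Cached domain logons. CachedLogonsCount is a REG_SZ, default 10 when absent.
#    Assumption (not stated by the article): this value does not necessarily control
#    the Microsoft/Azure account behaviour discussed above, so treat it as a related
#    hardening check rather than a fix for that behaviour.
$cache = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' `
        -Name CachedLogonsCount -ErrorAction SilentlyContinue
$count = if ($cache) { [int]$cache.CachedLogonsCount } else { 10 }
if ($count -gt 0) {
    $findings.Add("CachedLogonsCount = $count; cached domain logons remain usable while the host cannot reach a DC.")
}

# 4. Firewall scope: inbound Remote Desktop rules that accept any remote address.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound -Enabled True `
        -ErrorAction SilentlyContinue | ForEach-Object {
    $addr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
    if ($addr -contains 'Any') {
        $findings.Add("Firewall rule '$($_.DisplayName)' allows RDP from any address; scope it to a management network.")
    }
}

# 5. Who actually used RDP in the last 7 days? Security event 4624 with LogonType 10
#    (RemoteInteractive). Property index 8 is LogonType, index 5 the target user name.
$since = (Get-Date).AddDays(-7)
$rdpLogons = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $since } `
        -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[8].Value -eq 10 } |
    ForEach-Object { $_.Properties[5].Value } |
    Sort-Object -Unique
if ($rdpLogons) {
    $findings.Add("Accounts with RDP logons in the last 7 days: $($rdpLogons -join ', ')")
} else {
    $findings.Add('No RDP logons in the last 7 days; if nobody uses RDP here, disable it.')
}

# Report. An empty list means every check passed.
if ($findings.Count -eq 0) {
    Write-Output 'No findings.'
} else {
    $findings | ForEach-Object { Write-Output "- $_" }
}
```

The checks are read-only; nothing in the script changes a setting. The event query is the part worth reading most carefully: an account that appears there but should not be using RDP at all, or that appears after a password change the admin believes should have locked it out, is exactly the situation the article describes.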