Experts say CISOs should reconsider using Microsoft RDP due to password flaw.

According to news reports, Microsoft said the behavior was “a design decision designed to ensure that at least one user account can always be logged in, no matter how long the system is offline.” Microsoft therefore said the behavior did not meet the definition of a security vulnerability and that company engineers did not change their plans.

SANS Institute dean Johannes Ullrich said Windows administrators are usually not aware of credential caching. “This feature should make it less likely that the administrator will record it from the system. To prevent this feature, RDP will cache the last set of credentials used in case the server cannot connect it back to the authentication server (usually in the cloud these days). The credentials changed by the administrator in the cloud may find that the old credentials are still working.”

Ullrich added that to take advantage of this, the attacker must first learn the old credentials and must use them before the administrator uses the new credentials. “But even without this problem, ensuring RDP is a critical task and is not easy. Administrators have to find ways to provide strong authentication and must isolate RDP endpoints as much as possible,” he said.
