Why has RDP been so vulnerable to exploits for so long? It seems Microsoft should require credentials sent before processing any complex graphics rendering stuff, yet even to this day, it is possible to view a remote logon screen, get remote audio, etc. all unauthenticated!
