On an installed system, all you have to do to have port 3389/tcp suddenly open is to *visit* the "share" tab in the settings. No need to change a thing, just visit it, then close the window. Boom, you have rdp desktop sharing running. At least it's a random password (I think: it's not the local account password).
I think this is a bit more nefarious.
On an installed system, all you have to do to have port 3389/tcp suddenly open is to *visit* the "share" tab in the settings. No need to change a thing, just visit it, then close the window. Boom, you have rdp desktop sharing running. At least it's a random password (I think: it's not the local account password).