If the attacker is successful, they can then access the system remotely using the Remote Desktop connection. From here, they can view, record, and delete files on the system, as well as control the system.
The remote access weakness means that the attacker doesn't need to know a user's password to gain access to the system. If you enable the remote access feature on the user's account, the attacker can then use the connection at will.
Remote access could be used to access a system as a service account. As well as being able to write files, the attacker could delete files to wipe out evidence of previous attacks. Hydro-M ort could target a root account that had the remote access feature enabled. 7211a4ac4a