A newly unpatched vulnerability could allow client-side attackers to bypass the lock screen on remote desktop sessions. The flaw exists when Microsoft Windows Remote Desktop feature requires clients to authenticate with Network Level Authentication (NLA) The vulnerability was discovered by Joe Tammariello of Carnegie Mellon University Software Engineering Institute (SEI) Microsoft has no plans to patch the flaw anytime soon. Users can protect themselves against potential exploitation of this vulnerability by locking the local system instead of the remote system, and by disconnecting the remote sessions instead of just locking them.
Source: https://thehackernews.com/2019/06/rdp-windows-lock-screen.html