There is much information about how dangerous it is to have RDP open to WAN.

But let us ignore all that risks with open port etc. for a moment.

Let's consider the case when we have an ongoing RDP session. So the question is, can an ongoing RDP session be exploited by a hacker?