You can always install activate-linux, and it even works on Windows.

I never mentioned vulnerabilities, I just wanted to point out that, RDP doesn’t really work without a graphical session, Windows Server Core gets around this by being a graphical session (although very basic).

Also I’m not sure, but I don’t think Windows handles RDP on the kernel level, it’s just nicely tied in with DWM and doesn’t have to deal with the multitude of window managers on Linux.

Handling RDP on the kernel level does sound like a bad idea security wise, but there should be a better way.

Windows Server Core still has a window manager, just all it does show a command prompt very similar to the one in the usual Windows recovery environment.