This article has been written before more than 24months, information might old.
So you notice cpu spikes on the process winlogon.exe and rarely on csrss.exe, and maybe you also see high memory consumption on a svchost process that is registered to the SYSTEM. If you have RDP(remote desktop connection protocol) ON is likely that you receive a lot of incoming brute-force connections on your RDP station. You can check that in windows events.
In that case you have 2 simple solutions, first solution is to install a program that monitors and bans repeated attempts of login for RDP and you can try RdpGuard(but is not free) or free alternatives like IP Ban ( http://www.digitalruby.com/securing-your-windows-dedicated-server/ ) available on github and EvlWatcher( http://nerderies.blogspot.com/ ), but you can choose even a simpler solution.
The second and the simplest method that works almost everytime is to change de default port that is assigned to the number 3389 and you can change that port by modifying the registry key PortNumber located at :
[ HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp ]
using this method is likely that you wont …