We would like to call your attention to the Microsoft released an advisory and patch today, May 14th, for an RDP vulnerability that affects at least Windows XP, 7, 2003, and 2008. The vulnerability can be exploited remotely, in default configuration, without authentication, and with low effort/complexity (for reference, WannaCry was a "high" complexity attack). This patch release includes an unprecedented release of patches for 2003 and XP.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
We are currently assessing the impact and will be releasing additional information, but I strongly encourage you to patch as soon as possible. As with any patching, testing is highly recommend and it is too soon to say if there are known issues with patching but do not wait longer than necessary on this one. I also encourage you to review systems for the need to have RDP access turned on at all and especially those open directly to the internet.
