A serious vulnerability has recently been discovered in Microsoft's RDP / RDS / terminal services.
The vulnerability makes it possible for an attacker to execute code remotely without authentication. Experience from the past shows that these types of vulnerabilities have the potential to be abused on a large scale. For that reason we want to draw extra attention to the security update for this vulnerability. At the moment there is no public exploit code known to exploit the vulnerability. However, we expect that this will not take long.
Exploitation of the vulnerability can be prevented through NLA (Network Level Authentication). In Windows 7 and Windows Server 2008 (R2) this option must be enabled. For more information about, among other things, this mitigation measure, see Microsoft's security advice on RDP vulnerability. This contains instructions on how to make your system secure.