Disclosure Date: May 16, 2019 (last updated June 09, 2020)
A bug in Windows Remote Desktop protocol allows unauthenticated users to run arbitrary code via a specially crafted request to the service. This affects Windows 7/Windows Server 2008 and earlier releases. Given the ubiquity of RDP in corporate environments and the trusted nature of RDP, this could pose serious concerns for ransomware attacks much like WannaCry.
Patches are released for Windows 7/2008 Operating systems as well as Windows XP.