Earlier this month, Microsoft released a security patch for a Remote Desktop Protocol (RDP) vulnerability affecting the legacy server releases Windows 2003, Windows 2008, and Windows 2008 R2. Although Windows 2003 reached end of support back in 2015, Microsoft still released this out-of-band patch for the OS.
The patch for CVE-2019-0708 fixes an RDP bug that could allow an attacker without valid credentials to connect to a vulnerable system over RDP and send specially crafted RDP requests. If exploited, the vulnerability could let malware spread to other vulnerable servers in a worm-like fashion. This means that future malware exploiting this RDP bug could spread from system to system in much the same way the WannaCry malware spread across the globe in 2017.
Vootwerk recommends locking down ports on the firewall and having users connect to servers securely via VPN, but these measures do not prevent exploitation of the RDP bug. The risk remains until the CVE-2019-0708 patch is applied.