Microsoft patched a critical Remote Code Execution (RCE) vulnerability found in the Remote Desktop Services (RDS) platform. The vulnerability can allow malicious actors to create malware designed to propagate between computers running vulnerable RDS installations. Microsoft advises that all affected systems irrespective of whether NLA is enabled or not should be updated as soon as possible. Microsoft says that the critical RDS vulnerability tracked as CVE-2019-0708 impacts only older in-support versions of Windows. Windows 8 and Windows 10 users are not impacted by the vulnerability because of the latest Windows releases.
Source: https://www.bleepingcomputer.com/news/security/microsoft-fixes-critical-remote-desktop-flaw-blocks-worm-malware/