Security experts were unanimous that MS12-020 needed to be patched urgently. A few days later, the threat got even more real when proof-of-concept (PoC) exploit code was discovered online. Experts were concerned that attackers would quickly develop an exploit–possibly even a worm reminiscent of threats from the Golden Age of malware like Nimda and SQL Slammer. PoC code may have been developed internally at Microsoft to test the vulnerability, and may be leaked from Microsoft’s MAPP (Microsoft Active Protection Program)”]
Source: https://www.csoonline.com/article/2131259/patch-now–microsoft-rdp-exploit-code-is-in-the-wild.html