Vulnerability described by Microsoft as critical is known as MS12-020 or the RDP flaw. A bounty for a working exploit has been posted on developer site Gun.IO, funded in part by Metasploit creator HD Moore. The vulnerability might easily be exploited to create a worm that spreads automatically between vulnerable computers. Security firms warned that worse is likely to follow. RDP is disabled by default on Windows, but often activated in corporate environments. The utility of the service means it is commonly allowed through firewalls.
Source: https://thehackernews.com/2012/03/poc-windows-rdp-vulnerability-exploit.html