The next Internet wormable vulnerability (CVE-2019-0708) resides in Remote Desktop Services – formerly known as Terminal Services – that could be exploited remotely by sending specially crafted requests over the RDP protocol to a targeted system. The vulnerability could be exploited to spread wormable malware in a similar way as the WannaCry malware spread across the globe in 2017. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
MS has even written a patch for XP and 2003, so it seems like quite a serious vulnerability.
Quick workarounds to save people looking:
Block port 3389 at the perimeter, stopping unsolicited RDP inbound traffic
Enable Network Level Authentication on all RDP connections (means attackers need to authenticate, mitigating the vulnerability).
Then get the latest patches installed (*** Subject to your normal patch testing procedure, of course ***)
Unfortunately, continuing to routinely patch critical security vulnerabilities (May 2014, May 2017, May 2019) emboldens the argument that XP remains vendor supported in practice, in spite of vendor claims to the contrary.
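The Network Level Authentication workaround listed above can be verified per host. The following is an added example, not code from this thread or from Microsoft: it reads the standard Terminal Services registry values to report whether RDP is enabled and whether NLA is actually in effect once Group Policy is taken into account. The function names are hypothetical, and patch status is not checked because no KB identifiers appear in the thread.

```powershell
# Added example (not from the thread): report whether RDP is enabled on this
# host and whether Network Level Authentication (NLA) is actually in effect.
$TsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$RdpTcpKey = "$TsKey\WinStations\RDP-Tcp"
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Read-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Get-RdpNlaStatus {
    $deny   = Read-RegValue $TsKey     'fDenyTSConnections'   # 0 = RDP enabled
    $port   = Read-RegValue $RdpTcpKey 'PortNumber'           # 3389 by default
    $local  = Read-RegValue $RdpTcpKey 'UserAuthentication'   # 1 = NLA required
    $policy = Read-RegValue $PolicyKey 'UserAuthentication'   # Group Policy value

    # A Group Policy setting, when present, overrides the local one.
    $effective = if ($null -ne $policy) { $policy } else { $local }
    $rdpOn     = ($deny -eq 0)
    $nlaOn     = ($effective -eq 1)

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        RdpEnabled   = $rdpOn
        ListenPort   = $port
        NlaLocal     = $local
        NlaPolicy    = $policy
        NlaEffective = $nlaOn
        NeedsAction  = ($rdpOn -and -not $nlaOn)   # RDP reachable without NLA
    }
}

function Enable-RdpNla {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    # Sets the local value only; a conflicting Group Policy still wins.
    if ($PSCmdlet.ShouldProcess($RdpTcpKey, 'Set UserAuthentication = 1')) {
        Set-ItemProperty -Path $RdpTcpKey -Name UserAuthentication -Value 1 -Type DWord
    }
}

$status = Get-RdpNlaStatus
$status | Format-List
if ($status.NeedsAction) { Write-Warning 'RDP is enabled without NLA; run Enable-RdpNla -WhatIf to preview the change.' }
```

Run it from an elevated PowerShell session; a host reporting `NeedsAction = True` still needs the patch after NLA is switched on, since NLA only mitigates the issue.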