The critical vulnerability CV3E-2019-0708 affecting Windows Server 2008 and Windows 7.
This vulnerability allows unauthenticated users to make requests through RDP (remote desktop protocol).
Unauthenticated actors can exploit this vulnerability to “view, change, or delete data; or create new accounts with full user rights.”
Temporarily disabling RDP is the immediate mitigation for this vulnerability. Updating affected systems is the preferred mitigation. Workarounds include enabling NLA (network level authentications) and/or blocking TCP 3389.