Microsoft recently released a statement that there has been a major security exploit found in varying versions of the Remote Desktop Protocol. This exploit allows attackers to remotely implement code execution.
Excerpt from the Microsoft release:
“The more severe of these vulnerabilities could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system.”
Since Remote Desktop isn’t automatically enabled, you are not at risk if you do not use Remote Desktop. However, if you do use Remote Desktop, you should download the necessary patches immediately to mitigate your risk. If you have automatic update enabled, the update will automatically download and install. If you do not, take a few minutes to update now. Check out these instructions on updating your software.