On the latest Patch Tuesday, August 13th, Microsoft disclosed multiple pre-authentication remotely exploitable vulnerabilities in Windows remote desktop services (RDS). This means that the vulnerabilities can be exploited without any authentication or user interaction.
