Microsoft has released a critical update that affects all supported versions of Windows operating systems - it's about vulnerabilities in Remote Desktop that could allow remote code execution. This security update resolves two privately reported vulnerabilities in the Remote Desktop Protocol. The more severe of these vulnerabilities could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system.
The security update addresses the vulnerabilities by modifying the way that the Remote Desktop Protocol processes packets in memory and the way that the RDP service processes packets. The fix was included with this week's Tuesday Updates, however, you are advised to install the update manually if you use Remote Desktop services and haven't enabled automatic updating!
Read more - http://support.microsoft.com/kb/2671387