Microsoft has recently received a report of a pretty big exploit in their Remote Desktop Protocol. While they haven't heard of any attacks happening, they said they wouldn't be surprised if they started happening in the next 30 days. The blog post reads:
This exploit can only happen on computers where Remote Desktop was enabled. It should be disabled by default, and can only be enabled if you turn it on yourself. If you're not sure if you enabled it or not, simply open your start menu, right click on "Computer," and go to Properties. On the left sidebar you should see "Remote Settings." Click on that, and make sure "Don't allow connections to this computer" under "Remote Desktop" is selected if you don't use Remote Desktop. There is a Hotfix available that also fixes the issue, which can be downloaded from the blog post. Microsoft urges you to install the hotfix, and it can't really hurt so why not?