https://arstechnica.com/information-technology/2019/05/why-a-windows-flaw-patched-nine-days-ago-is-still-spooking-the-internet/
We've said it a million times: don't expose RDP via NAT; VPN in instead. Now here is proof that it's been completely insecure for years.