[groovybits]

Thinking of this in context to Win7 EOL approaching:

I imagine the type of people who have RDP publicly exposed are the same type of people who will not be upgrading from Win7 anytime soon.

I suspect we will see many exploits of this to come.

[londons_explore]

Microsoft really ought to develop their own worm, and use it to patch the flaw.

They can release it on the same day as the regular updates, and scan the whole IPv4 address space every hour.

That way, the pool of unpatched machines will be so tiny it isn't worth evil people trying to exploit it.

[groovybits]

Its the same threat vector as BlueKeep, so I would imagine the prime exploitation window for Win7 (which was/is vulnerable to both) has already passed.

A quick Shodan query already does what you're thinking.

[kgwxd]

Wouldn't that be illegal? I hope so.