We strongly advise anyone using Remote Desktop Services to apply Microsoft Patch KB2621440 at the earliest opportunity. This patch fixes two privately reported vulnerabilities within the Remote Desktop Services frequently used by administrators to control servers and end-users using Remote Desktops.
It affects ALL versions of Windows.
The more serious of the two vulnerabilities could allow an unauthenticated hacker to run code on a vulnerable machine, which potentially could result in a very serious security breach.
We believe that this vulnerability will be exploited in the very nearing future.