Internet facing doesnt matter

Whist there are plenty of internet-facing Windows servers out there (ever request a Windows VPS from one of the myriad of VPS hosting companies out there and you'll end up with a Windows server on the internet using RDP as the primary access method) the risk is much bigger than this.

If someone was to comprimise any internal or DMZ hosts (whatever the OS), this vulnerability leaves all your valuable Windows hosts (Exchange, SQL etc) open to also be pwned using the published RDP vulnerability without having to be internet facing.

When you consider your entire internal network as potentially hostile (as one should) then having such a vulnerability that can be remotely executed against a commonly-enable port/service is BAD NEWS.