"permits unauthenticated remote code execution through the medium of Remote Desktop Services"
The first thing I do, for Windows and all OS flavors in my shed, is to disable all remote access needed for some IT wonk to mess with my systems especially RDS. However, this policy is especially important for Windows as any subset of vulnerabilities that can be easily shunted is a good thing when using a spaghetti code OS like Windows. As for Windows 7, it's been sand boxed in a VM (hosted by a strong 'nixOS) and unable to access the Internet since the whole GWX debacle.
The only good Windows is an deaf and dumb Windows. Wait, is that redundant?