ok this is hardly news, but it did catch my eye. Basically this worm is pretty easy to stop. Just have good passwords. No MS vulnerability to worry about, this worm just finds port 3389 open and brute forces a password to get in. once a connection is made, it simply uses the RDP protocols ability to map to local drives of the client and copies files up to the server to search for more pc’s local to the server to infect.
https://threatpost.com/en_us/blogs/new-worm-morto-using-rdp-infect-windows-pcs-082811
Anyways, if you need RDP open, please turn on encryption and choose strong passwords.