You should of course be wary of any links I provide, but they're included as part of the MS TechNet messages I receive, so I'm including here anyway.
It's just as sufficient to ensure your Windows Updates are er...up to date...as the patches are being delivered as part of the general update procedure too
In Windows 7, click on Start, then right click on Computer, left click on Properties, and down in left corner find and click on Windows Update
Microsoft Critical Security UpdateIn efforts to prevent another WannaCry (2017) style malware outbreak, Microsoft has released some software patches for older Windows systems, including some that are long past their support dates.
The released patches that are available target a critical Remote Code Execution vulnerability in Remote Desktop Services (formerly known as Terminal Services), to prevent worm transmission. Such transmission would be pre-authorised and require no user interaction on an unpatched system.
At the time of writing Microsoft has not observed any exploitation of this vulnerability but thinks it is "highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware," in the future.
Microsoft notes that vulnerable in-support systems include Windows 7, Windows Server 2008 R2, and Windows Server 2008 systems. For such systems you can download updates via the
Microsoft Security Update Guide or they will be delivered via automatic updates, if enabled.
Windows XP and Windows 2003 systems are out of support, and being so aged Microsoft strongly recommends users update to a newer OS.
However, it has made fixes available for these systems as patch
KB4500705Lastly, customers running Windows 8 or Windows 10 are not affected by the critical Remote Code Execution vulnerability outlined in the intro.