Reply to post: Re: It's not only the internet facing ones...

Two weeks after Microsoft warned of Windows RDP worms, a million internet-facing boxes still vulnerable

Roland6 Silver badge

Re: It's not only the internet facing ones...

"Specifically, Graham said he was able to, ... find some 932,671 public-facing computers still vulnerable to CVE-2019-0708. To do this, he scanned the public internet for machines that had the Windows Remote Desktop network port (3389) open"

Given a common practice is to use a non-standard port for Internet RDS access, I expect significantly more public-facing computers are still vulnerable. One hopes that they have firewalls with port scanning detection and blocking enabled.

I suspect any site/IP address for which Shodan reports the presence of an MS service, e.g. Exchange, IIS (but not RDS), will odds-on also have an MS RDS Server on a non-standard port.
