Re: .NET 4.0.30319
"The trick with RDP is to move the ports to something random"
It isn't a great trick - it just delays you appearing in port scans. And once you have been caught, its just a matter of time before the next RDP vulnerability comes along before you can patch it. Don't believe me? Check firewall logs and you will see almost every port on every public IP address you have scanned at least once a month with the high risk ports being scanned multiple times a day.
Yes ts_block helps, but it still leaves you at the mercy of vulnerabilities and weak username/passwords. We have been though this with SSH in the 2000's (i.e. random ports, port knocking and fail2ban) and still had compromises. At least with SSH you get the option of disabling root access and forcing the use of keys instead of passwords.
Use a VPN with 2FA.