Slightly more technical information from Wired: https://www.wired.com/story/dejablue-windows-bugs-worm-rdp/
TL;DR: Remote Code Execution via RDP on all Windows versions, including 7 and 10.
> "Microsoft today warned Windows users of seven new vulnerabilities in Windows that, like BlueKeep, can be exploited via RDP, a tool that lets administrators connect to other computers in a network. Of those seven bugs, Microsoft's advisory emphasized that two are particularly serious; like BlueKeep, they could be used to code an automated worm that jumps from machine to machine, potentially infecting millions of computers."
> "Unlike BlueKeep, however, the new bugs—half-jokingly named DejaBlue by security researchers tracking it—don't merely affect Windows 7 and earlier, as the earlier RDP vulnerability did. Instead, it affects Windows 7 and beyond, including all recent versions of the operating system."
I imagine the type of people who have RDP publicly exposed are the same type of people who will not be upgrading from Win7 anytime soon.
I suspect we will see many exploits of this to come.
They can release it on the same day as the regular updates, and scan the whole IPv4 address space every hour.
That way, the pool of unpatched machines will be so tiny it isn't worth evil people trying to exploit it.
A quick Shodan query already does what you're thinking.