Microsoft just squeezed an execution hole in Windows XP with a critical update over five years after it left the regular support. However, Windows Update does not install it automatically. You must manually download and install it from the Microsoft Web site.
As Microsoft Security Center responds, this patch fixes a "smooth" vulnerability in the Remote Desktop Service in Windows XP, Windows Server 2003, Windows 7, and Windows Server 2008:
The Remote Desktop Protocol is not vulnerable. This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is worn, which means that any future malware that exploits this vulnerability could spread from a vulnerable computer to a vulnerable computer, just as WannaCry malware spreads throughout the world in 2017.  Microsoft took the unexpected step of issue a critical security update for Windows XP (and Windows Server 2003) more than five years after Microsoft quit the standard support. It's so big this error.
However, there is a big problem: Windows Update does not install it automatically on Windows XP. As Microsoft's CVE-2019-0708 Bulletin explains:
These updates are available only from the Microsoft Update directory. We recommend that customers who run one of these operating systems download and install the update as soon as possible.
These fixes are called KB4500331 and can be found on the Microsoft Update Catalog website. If you are still using Windows XP or Windows Server 2003, download and install these patches right now.
This error does not affect Windows 10 and Windows 8 systems. Windows 7 and Windows Server 2008 systems will get a fix through Windows Update. You only need to manually install these patches if you are running an out-of-support version of Windows. If you are, Microsoft recommends that you upgrade to a supported version of Windows.