Microsoft's February security update fixes the vulnerability in the built-in Windows RDP client that can result in reverse RDP attacks, but third-party RDP clients are still vulnerable, Check Point said.
A vulnerability in the Windows print spooler service patched this week echoes a similar one exploited by the Stuxnet worm 10 years ago.
There has been a sharp increase in scans for exposed RDP servers recently as attackers try to take advantage of the move to remote work.
Microsoft has fixed three flaws that attackers were using in targeted attacks for several weeks.
The shift to remote work has caused a spike in the number of RDP servers exposed to the Internet, along with an increase in the number of scans for those servers.