When Microsoft chooses to release security updates for OS's that are way out of support security specialists grabs a cup of coffee and starts reading. BlueKeep (also known as CVE-2019-0708) is a flaw in Microsofts Remote Desktop Services that allows an attacker to gain full control over an affected system.
The vulnerability occurs during pre-authorization, and has the potential to run arbitrary malicious code in the "NT Authority\SYSTEM" user security context. Which means that you don't need to know any credentials to exploit the flaw and that you get to execute code as a privileged user.
Oh, and Microsoft says that it's potentially wormable like WannaCry, meaning that someone could write code that makes this self-replicating, making it possible to spread throughout a (inter-)network without intervention.
The vulnerable systems are Windows Server 2003, Windows XP, Windows Vista, Windo