I remember, I think it was 20 years ago, Microsoft was already being sent proofs of concept for vulnerabilities in RPC (Remote Procedure Call), which is a kernel-level DLL at the heart of remote services.
I thought back then (that was when I thought Microsoft deserved some trust when it came to their own software) that Microsoft would plug holes in RPC (bad expectation, they just plugged that hole that day), and as a result would make dependent Windows services such as Remote Desktop Services disabled by default. The reasoning being, if that's too touchy to be left running, then perhaps not starting it by default would give some help.
Did not happen, that goes without saying.
I hear these days that researchers are still finding holes in this thing. And that, from what I read, Remote Desktop Services still isn't disabled by default. For what it's worth, Remote Desktop Services isn't an essential part of Windows, never was, and even less these days with all those third-party virtual machine capabilities out there.
I am not sure why I don't hear governments out there suing Microsoft up their ass, because if governments represent the interest of the people and businesses out there, they should make sure that giant corporations need some finger pointing for their errors. Especially when errors go as far as twenty years ago when there was no decision to take Remote Desktop Services offline by default.
See, Microsoft is very different these days than twenty years ago. Much more open, much more publicly aware. Isn't it? No.