Today I had a really interesting conversation with a guy from Japan via LinkedIn.  It started with him trying to sell me some website design services, but when he realized their services weren't a good fit, he asked me a question.  He said "I checked a few websites - what is this risk management thing?  If we have this web design studio, how do we calculate our risks?"

Unless you've been hiding under a rock for the past three weeks, you're probably familiar with CVE-2019-0708, also known as the "Bluekeep" vulnerability.  This Remote Code Execution vulnerability in Remote Desktop Services (formerly known as Terminal Services) is particularly nasty as it it is pre-authentication and requires no user interaction.  This makes it the perfect vulnerability to integrate into a self-propagating worm that would quickly spread around the world, just like WannaCry did in 2017.  It also make