Port 3389 Exploit: Prevent another WannaCry

16 May 2019

On Patch Tuesday (14 May 2019) Microsoft offered an RDP patch for legacy Windows and outlined the details here: https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/

The most immediate steps your organization should pursue are the following: stop port 3389 from being publicly visible, as it is only a matter of days, or perhaps hours, before the patch is reverse-engineered into a wormable exploit. To test whether you are publicly visible, check out grc.com/shieldsup, which shows not just RDP but any other ports you may be exposing to the public Internet.

#secalert

Benefits of URL PING tracking

11 Apr 2019

URL ping is an HTML5 feature (the ping attribute on a link) that pings a URL any time the link is clicked. In Security Now Episode #709, Steve Gibson explains in detail (as he always does so masterfully) how this HTML5 standard has gained some momentum in browsers, to the point that you can no longer opt out in Chrome, with other browsers possibly, even inevitably, following. This invasion of individual privacy is definitely a problem we want to allow our users to mitigate.
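An added example, not from the original post or the podcast: a Python audit that lists every link in a page carrying a ping attribute and whether each ping goes to a host other than the page's own. The sample HTML, the host names and the function name audit_pings are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page; every host name here is a placeholder.
SAMPLE_HTML = """
<a href="/pricing">Pricing</a>
<a href="https://shop.example/item" ping="/t/click https://metrics.example/p">Item</a>
<map><area href="/map" PING="https://ads.example/hit"></map>
<a href="/about" ping="">About</a>
"""


class PingAudit(HTMLParser):
    """Collect every hyperlink that carries a ping attribute."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # ping is only defined on <a> and <area>; HTMLParser lowercases names.
        if tag not in ("a", "area"):
            return
        attr = dict(attrs)
        # The value is a space-separated list of URLs; empty means no ping.
        for token in (attr.get("ping") or "").split():
            target = urljoin(self.page_url, token)  # resolve relative URLs
            self.findings.append({
                "href": urljoin(self.page_url, attr.get("href") or ""),
                "ping": target,
                "cross_host": urlsplit(target).hostname != self.page_host,
            })


def audit_pings(html, page_url):
    """Return one finding per ping URL found in the given HTML."""
    parser = PingAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for f in audit_pings(SAMPLE_HTML, "https://shop.example/"):
        scope = "other host" if f["cross_host"] else "same host"
        print(f'{f["href"]} -> pings {f["ping"]} ({scope})')
```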

#tracking