While Windows XP and 2003 Server are officially unsupported products, the dangers of an RDP based worm exploit being developed are probable. Microsoft has developed a special standalone patch that users can pre-install now (or disabling RDP services mitigates threat also)

https://www.pcmag.com/news/368371/microsoft-patch-old-windows-systems-or-risk-computer-worm

Microsoft is trying to prevent the outbreak of a computer worm by urging those running older Windows systems to patch their machines. Redmond has discovered a serious flaw in Windows 7, Windows XP, and Windows Server 2003 and 2008 systems, which can be exploited to create malware capable of automatically spreading from one vulnerable machine to another. “While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware,” Microsoft said. The vulnerability deals with the Remote Desktop Services function in Windows, which can allow a user to take control of the machine over a network. Enterprises often choose to activate the feature on PCs and servers as a way to control them remotely.

Normally, the access requires a correct username and password. However, Microsoft discovered that an “unauthenticated attacker” can install malware on a Windows machine through the Remote Desktop Services function by sending specially crafted data packets. The bug also requires no interaction from the owner of the affected Windows machine. So theoretically, an attacker could scan the internet to find additional machines to target. An estimated 3 million Remote Desktop Protocol endpoints are currently exposed to the internet, according to security researcher Kevin Beaumont, who cites data from device search engine Shodan.  Fortunately, Windows 10 and Windows 8 are immune from the threat