"It's unfair to say it's not really widely used," added Miller. "I use it to connect to 40 to 50 machines a day in my job."

Because of what the experts said was the wide use of RDP, they thought Microsoft underplayed the severity of the vulnerability. "They're making a call to action, but without raising too many red flags," said Storms. "They're trying to get across [that this is significant] without saying it's doomsday."

Kandek wished Microsoft had a deployment priority higher than "1," the ranking the company assigned MS12-020. "This is more a '1+,'" Kandek said.

The biggest unknown is how fast hackers will figure out how to exploit the vulnerability, and thus how quickly Windows users will face attacks.

Kandek, Miller, Storms and Sarwate couldn't agree on a timeline, but all thought that active exploits would be in circulation quickly.