If you can RDP directly into your work machine without having to do it via a vpn connection then that means your work network has diddly squat for security and is likely already pwned by numerous hackers. Placing a windows machine directly onto the Internet is like shooting fireworks while fueling your car at a gas station. Even if it's behind a nat router with port forwarding for RDP, that's only pretend security. Windows software firewall is no real security either.
Yeah, but is that his job or concern? If he's worried about being caught surfing porn, my guess is not.