The Microsoft Windows contain one memory corruption bug in its handling SMB traffic, which can allow a remote intruder without authentication to deny service or potentially execute arbitrary code on a vulnerable system.
The attackers using this Zero-Day can cause denial of attacks service (DoS) vs. versions of Windows containing the bug. So vulnerable devices can be connected to malicious ones SMB. US-CERT states that there is a possibility that the vulnerability could be exploited to execute arbitrary code with its privileges Windows Core.
The vulnerability description reports additional information:
The Windows fail to properly handle traffic from a malicious server. In particular, the Windows do not properly handle a server response that contains too many bytes following the structure defined by SMB2 TREE_CONNECT Response. By connecting to a malicious server SMB, the vulnerable system of Windows can display the BSOD (Blue Screen of Death) with Mrxsmb20.sys error. It is not clear at this point whether this vulnerability can be exploited beyond an attack denial-of-Service. We have confirmed it crash with fully repaired systems client of Windows 10 and Windows 8.1.
US-CERT confirmed vulnerabilities in fully repaired systems client of Windows 8.1 and Windows 10. The Bleeping website computer reports that security researcher PythonResponder claims that the vulnerability also affects him Windows Server & Hosting 2012 and 2016.
US-CERT ranks vulnerability in the highest severity score (10), and it is worth noting that Microsoft No security update has been released yet.