How could an attacker exploit the vulnerability? A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target system. This vulnerability can be exploited through two different vectors: For the vulnerability to be exploited on the SMB Client, an unauthenticated attacker would first need to configure a malicious SMBv3 server and convince a user to connect to it by enticing them to click a specially crafted link. **For the vulnerability to be exploited on the SMB Server **, an authenticated attacker could send specially crafted packets from an SMB Client to a targeted SMBv3 Server. What steps can I take to protect my network? Block TCP port 445 at the enterprise perimeter firewall TCP port 445 is used to initiate a connection with the affected component. Blocking this port at the network perimeter firewall will help protect systems that are behind that firewall from attempts to exploit this vulnerability. This can help protect networks from attacks that originate outside the enterprise perimeter. Blocking the affected ports at the enterprise perimeter is the best defense to help avoid Internet-based attacks. However, systems could still be vulnerable to attacks from within their enterprise perimeter. Follow Microsoft guidelines to prevent SMB traffic from lateral connections and entering or leaving the network Secure SMB Traffic in Windows Server: *https://docs.microsoft.com/en-us/windows-server/storage/file-server/smb-secure-traffic Are older versions of Windows (other than what is listed in the Security Updates table) affected by this vulnerability? No.