But unlike EternalBlue, which could be exploited when using only the SMB, or server message block, a protocol for file and printer sharing and similar network activities, this latest vulnerability is present in a much broader range of network protocols, giving attackers more flexibility than they had when exploiting the older vulnerability.
“An attacker can trigger the vulnerability via any Windows application protocols that authenticates,” Valentina Palmiotti, the IBM security researcher who discovered the code-execution vulnerability, said in an interview. “For example, the vulnerability can be triggered by trying to connect to an SMB share or via Remote Desktop. Some other examples include Internet exposed Microsoft IIS servers and SMTP servers that have Windows Authentication enabled. Of course, they can also be exploited on internal networks if left unpatched.”