A serious security hole (http://betanews.com/2015/04/13/windows-remains-vulnerable-to-serious-18-year-old-smb-security-flaw/) leaves millions of Windows users open to attack, making it possible to extract encrypted credentials from a target machine. Researchers at Cylance (http://blog.cylance.com/redirect-to-smb) say the problem affects "any Windows PC, tablet or server" (including Windows 10) and is a slight progression of the Redirect to SMB attack discovered by Aaron Spangler way back in 1997. Redirect to SMB is essentially a man-in-the-middle attack which involves taking control of a network connection. As the name suggests, victims are then redirected to a malicious SMB server which can extract usernames, domains and passwords. Cylance also reports that software from companies such as Adobe, Oracle and Symantec — including security and antivirus tools — are affected.
http://it.slashdot.org/story/15/04/13/1956229/windows-remains-vulnerable-to-serious-18-year-old-smb-security-flaw