The exploit pries open CVE-2021-31166, a bug with a CVSS score of 9.8 that was the baddest of the bad in Microsoft s Patch Tuesday update last week. An exploit would allow RCE with kernel privileges or a denial-of-service (DoS) attack. The vulnerability only affects the latest versions of Windows 10 and Windows Server, meaning exposure for internet-facing servers is fairly limited Microsoft recommends prioritizing the patching of affected servers.
Source: https://threatpost.com/windows-exploit-wormable-rce/166289/