Remote Code Execution Vulnerability in Microsoft Server Message Block SMBv3

Reference: Advisory #2020-007
Version: 1.1
Affected software: Microsoft SMBv3 Server or SMBv3 Client
Type: Remote Code Execution (RCE), Wormable
CVE/CVSS: CVE-2020-0796

Sources

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv200005
https://support.microsoft.com/en-us/help/4551762/windows-10-update-kb4551762
https://twitter.com/msftsecresponse/status/1237515046390882304?s=20
https://fr.tenable.com/blog/cve-2020-0796-wormable-remote-code-execution-vulnerability-in-microsoft-server-message-block?tns_redirect=true
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0796
https://powershellexplained.com/2020-03-10-Powershell-disable-smb3-compression/

Risks

By connecting to a vulnerable Windows machine using SMBv3, or by causing a vulnerable Windows system to initiate a client connection to an SMBv3 server, a remote, unauthenticated attacker is able to execute arbitrary code with SYSTEM privileges on a vulnerable system.

Description

Microsoft Server Message Block 3.1.1 (SMBv3) contains a vulnerability, dubbed SMBGhost or EternalDarkness, in the way that it handles connections that use compression, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. It has been reported that this vulnerability is "wormable."

Successful exploitation of the vulnerability would grant the attacker arbitrary code execution in both SMB Server and SMB Client.

UPDATE: On March 12th, Microsoft released a patch, named KB4551762, to mitigate this vulnerability. A workaround is available if you cannot install the patch immediately.

UPDATE: On March 31st, a PoC was released by researchers García Gutiérrez (@danigargu) and Manuel Blanco Parajón (@dialluvioso_), available here: https://github.com/danigargu/CVE-2020-0796

Workarounds

Disable SMBv3 Compression

You can disable compression to block unauthenticated attackers from exploiting the vulnerability against an SMBv3 Server with the PowerShell command below.
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force

Notes:

  1. No reboot is needed after making the change.
  2. This workaround does not prevent exploitation of SMB clients.

You can disable the workaround (re-enable compression) with the PowerShell command below:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 0 -Force

Block inbound and outbound SMB

Consider blocking outbound SMB connections (TCP port 445 for SMBv3) from the local network to the WAN. Also ensure that SMB connections from the internet are not allowed to connect inbound to an enterprise LAN.

Recommended Actions

Microsoft released an advisory for this vulnerability. CERT.be recommends applying the patch as soon as possible!

If you cannot patch immediately, please apply the workaround explained above. The workarounds are also explained further on this blog.
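
To confirm which of the two mitigations is actually in place on a host, a read-only audit such as the following can be run locally or through remoting. This is an added example, not code from CERT.be or Microsoft; the function name Get-SmbGhostMitigationState and the status labels are hypothetical, while the registry path, value name and KB number are the ones given in this advisory.

```powershell
# Added example: read-only audit of the CVE-2020-0796 mitigations described above.
# Function name and status labels are hypothetical; nothing on the system is changed.
function Get-SmbGhostMitigationState {
    [CmdletBinding()]
    param(
        # Patch named in this advisory.
        [string]$KbId = 'KB4551762'
    )

    $path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

    # A missing value means the workaround was never applied (compression still enabled).
    $item  = Get-ItemProperty -Path $path -Name DisableCompression -ErrorAction SilentlyContinue
    $value = if ($item) { $item.DisableCompression } else { $null }
    $compressionDisabled = ($value -eq 1)

    # Get-HotFix matches only this exact KB id. A later cumulative update that
    # supersedes it will not match, so a "false" here needs a manual check.
    $patched = [bool](Get-HotFix -Id $KbId -ErrorAction SilentlyContinue)

    if ($patched) {
        $status = 'Patched'
    } elseif ($compressionDisabled) {
        # Per the advisory notes, the workaround covers the SMB server role only.
        $status = 'WorkaroundOnly-ClientStillExposed'
    } else {
        $status = 'ReviewRequired'
    }

    [pscustomobject]@{
        ComputerName             = $env:COMPUTERNAME
        PatchFound               = $patched
        DisableCompression       = $value
        ServerCompressionOff     = $compressionDisabled
        Status                   = $status
    }
}

Get-SmbGhostMitigationState | Format-List
```

A host reporting WorkaroundOnly-ClientStillExposed still needs the patch, because disabling compression does not protect the SMB client side.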