To make the exploit work, all a hacker has to do is get you to connect to an SMB share, which can be accomplished simply by posting a link to an image file hosted on an SMB server they control. Once you click the link, your Microsoft Account credentials are automatically passed to the server. Although your password will be hashed, most people don’t use overly complex passwords, meaning that almost any password cracker could reveal your password in a matter of seconds.
To make matters worse, a terrifying percentage of people use their Microsoft Account credentials on a variety of other accounts, so once the hacker has the information, he can go fishing, testing to see if the same username and password work to get into your bank account, your credit card accounts, and pretty much any other service you access online.
To add insult to injury, Microsoft had no good information on their website for preventing any of this from happening, which is a real problem, given how hard they’ve been pushing for Windows 10 adoption, and the fact that Windows 10 requires you to log in with your Microsoft Account credentials.
All of this is a recipe for disaster, and unfortunately, the most helpful bit of advice on offer from Microsoft to this point is to steer clear of Internet Explorer and Microsoft Edge for the time being, as those two browsers are more tightly integrated with the Windows OS, and make it even easier to lose control of your machine.
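One way for a defender to spot the delivery vector described above, a link to an image or other resource hosted on an outside SMB server, in HTML mail or web content before anyone clicks it. This is an added example, not code from the original article; the internal suffix `.corp.example`, the sample markup and every host name in it are constructed assumptions.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that make a browser or mail client fetch a resource.
URL_ATTRS = {"src", "href", "background", "data", "poster"}
# \\host\share only: //host/path is protocol-relative HTTP(S), not SMB.
UNC_RE = re.compile(r"^\\\\([^\\/]+)[\\/]")
# Constructed sample markup; every host name here is made up.
SAMPLE_HTML = r"""
<img src="file://img.untrusted.example/share/logo.png">
<img src="\\cdn.untrusted.example\pics\banner.jpg">
<a href="\\fileserver\public\handbook.pdf">handbook</a>
"""

def smb_host(value):
    """Return the host if the reference would be fetched over SMB, else None."""
    match = UNC_RE.match(value.strip())
    if match:
        return match.group(1).lower()
    try:
        parts = urlsplit(value.strip())
    except ValueError:  # malformed URL in untrusted markup
        return None
    # file://host/path maps to \\host\path on Windows; file:///C:/... has no host.
    is_file_url = parts.scheme.lower() == "file" and parts.hostname
    return parts.hostname.lower() if is_file_url else None

def is_external(host, internal_suffixes=(".corp.example",)):
    """Assumed policy: private IPs, single-label names, allowlisted suffixes are internal."""
    try:
        return not ipaddress.ip_address(host).is_private
    except ValueError:  # not an IP literal, so treat it as a host name
        return "." in host and not host.endswith(tuple(internal_suffixes))

class RefCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.refs = []
    def handle_starttag(self, tag, attrs):
        self.refs += [(tag, n, v) for n, v in attrs if n in URL_ATTRS and v]

def find_smb_references(html):
    """Return (tag, attribute, host) for each reference to an external SMB host."""
    collector = RefCollector()
    collector.feed(html)
    hits = [(t, a, smb_host(v)) for t, a, v in collector.refs]
    return [h for h in hits if h[2] and is_external(h[2])]
```

Run over the constructed sample, `find_smb_references(SAMPLE_HTML)` reports the two `untrusted.example` hosts and ignores the single-label internal file server.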