Microsoft released security updates in March that address many of the issues already. Therefore, there are no 0day vulnerabilities included in the toolset that can be used against fully patched versions of Windows. The toolset was built in 2013 which means it doesn’t include Windows 10 and 2016. Legacy versions of Windows are still vulnerable since Microsoft won’t release security updates for them.
An attacker is able to exploit unpatched (or legacy) versions of Windows that have certain ports exposed to other systems on the network. Exploits are publicly available in binary form.
Legacy versions of Windows: Many of the exploits affect legacy versions of Windows. Three specific exploits were also released that only affect legacy versions of Windows.
Note: The affected Windows versions may be vulnerable but are not directly exploitable using the publicly released tools using their default configuration.