At least 100,000 computers running Samba are open to a newly discovered vulnerability and require patching, Rapid7 and US-CERT warn.