until this bug, SMB3 was looking pretty secure
Well, that's fine, then.
SMB is an ugly, overcomplicated, poorly-designed, highly stovepiped protocol. (And, yes, I've read the specs. I have the original on paper, in fact.) Rather than adding "features" like compression, Microsoft should be reimplementing the whole thing in a safer language (or with strict standards in place), with good (and enforced) secure-development practices, with static and dynamic analysis, and with unnecessary features disabled by default. Backward compatibility means many customers can't simply jettison it, so Microsoft needs to fix their mistakes.