Reply To: 27 May 17 – Win7 Hit Hardest by WannaCry
It doesn’t matter how, if anything manages to get a beachhead by being on your LAN, it can just broadcast to find routers, and without authentication, ask for traffic to be let into your LAN. Think of it. Ordinarily, to allow something into your LAN, you’d have to log into your router with sufficient privilege and alter the configuration to allow that traffic. With UPnP, your barrier is being able to connect to your LAN…that’s it.
As far as exposing hosts, why not? If you need to share (or receive) files, use a technology which facilitates that. There are probably a lot of better choices, like SFTP, because MS has a history of bug-riddled software. Probably not a whole lot of people do it, but I guess it would be possible to turn on SMB encryption to implement data integrity and privacy…don’t think it’s on by default.