SMB (Server Message Block) provides file and printer sharing in Windows. Security risks: EternalBlue exploit (WannaCry), null sessions, relay attacks (NTLM relay).
Disable SMB v1 (still present by default on some systems — enabled EternalBlue/WannaCry). Enable SMB signing to prevent relay attacks. Restrict SMB (port 445) at the firewall — block external access.