Back
  • Misconfig Name
  • Inbound connection in port 135 (UDP/TCP) is not blocked in Windows firewall
  • Description
  • Microsoft''s "DCOM (Distributed Component Object Model) Service Control Manager" running on the user''s computer utilizes the port 135. Port 135 exposes where DCOM services can be found on a machine. Hacker tools such as "epdump" (Endpoint Dump) can immediately identify every DCOM-related server/service running on the user''s hosting computer and match them up with known exploits against those services. Therefore, port 135 should not be exposed to the internet and must be blocked.
  • Severity
  • Moderate
  • Category
  • Windows Firewall
  • Resolution
  • Follow the below steps to resolve the misconfiguration. Step 1: Open the Control Panel Step 2: Click on Windows Firewall/ Windows Defender firewall Step 3: Navigate to advanced settings. Step 4:Right click on inbound rules and click on new rule. Step 6:Select port and press next Step 7:Specify the port 135 under specific local ports, select TCP and press next. Step 8:click on block the connection and click next. Step 9:Select Domain, Private and Public and click next. Step 10:Give a name and description and click finish. Repeat the steps for the UDP port 135 as well.
  • Reboot Required
  • No