Inbound connection in port 135 (UDP/TCP) is not blocked in Windows firewall
Description
Microsoft''s "DCOM (Distributed Component Object Model) Service Control Manager" running on the user''s computer utilizes the port 135. Port 135 exposes where DCOM services can be found on a machine. Hacker tools such as "epdump" (Endpoint Dump) can immediately identify every DCOM-related server/service running on the user''s hosting computer and match them up with known exploits against those services. Therefore, port 135 should not be exposed to the internet and must be blocked.
Severity
Moderate
Category
Windows Firewall
Resolution
Follow the below steps to resolve the misconfiguration.
Step 1: Open the Control Panel
Step 2: Click on Windows Firewall/ Windows Defender firewall
Step 3: Navigate to advanced settings.
Step 4:Right click on inbound rules and click on new rule.
Step 6:Select port and press next
Step 7:Specify the port 135 under specific local ports, select TCP and press next.
Step 8:click on block the connection and click next.
Step 9:Select Domain, Private and Public and click next.
Step 10:Give a name and description and click finish. Repeat the steps for the UDP port 135 as well.
Does remediation require reboot?
No
Vulnerability Manager Plus tracks security configurations and remediate misconfigurations in your network systems from a centralized console. View a list of all the security misconfigurations detected by Vulnerability Manager Plus.