Tech Tip: Work around NT 4.0 port 135 vulnerability

On March 26, 2003, Microsoft released security bulletin MS03-010, which describes a denial-of-service flaw in the RPC Endpoint Mapper, the service on TCP and UDP port 135 that tells RPC clients which dynamically assigned port a given RPC interface is listening on. A specially crafted message sent to TCP port 135 can crash the service and, with it, the RPC-dependent services on the box. Microsoft is providing patches for Windows 2000 and Windows XP, but it isn't offering one for Windows NT 4.0: the bulletin states that the architectural limitations of NT 4.0 don't support the changes that would be needed to fix the flaw.

If your Exchange 5.5 server is running Windows NT 4.0, check from outside your perimeter whether the server is reachable on TCP port 135. According to Microsoft's security bulletin, any machine facing the Internet should already have that port blocked at the firewall, and blocking it is the only mitigation available for NT 4.0.

If port 135 isn't blocked, close it off from the Internet immediately. Even before this security bulletin, leaving port 135 exposed to the Internet was considered bad practice, because the endpoint mapper hands out the dynamic port of every RPC service on the machine.
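A way to perform the check above from a machine outside your perimeter, as an added example that is not part of the original tip: rather than only testing whether TCP 135 accepts a connection, the script sends a real DCE/RPC bind to the endpoint mapper interface and classifies the reply, so a proxy or honeypot that merely accepts the connection is not mistaken for an exposed endpoint mapper. The interface and transfer-syntax UUIDs are the standard DCE/RPC constants; the sample bind_ack and bind_nak PDUs are constructed here so the parser can be exercised offline, and the host name you pass on the command line is your own server.

```python
"""
Added example (not from the original article): probe whether the RPC Endpoint
Mapper on TCP/135 is reachable from where the script runs, by sending a real
DCE/RPC bind to the endpoint-mapper interface and classifying the reply.
"""
import socket
import struct
import uuid

# Well-known DCE/RPC identifiers (standard constants, not assumptions).
EPM_IFACE = uuid.UUID("e1af8308-5d1f-11c9-91a4-08002b14a0fa")   # endpoint mapper interface, v3.0
NDR_SYNTAX = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")  # NDR transfer syntax, v2.0
PTYPE_BIND, PTYPE_BIND_ACK, PTYPE_BIND_NAK = 11, 12, 13
DREP_LE_ASCII = b"\x10\x00\x00\x00"   # little-endian integers, ASCII characters, IEEE floats
HDR = "<BBBB4sHHI"                    # vers, vers_minor, ptype, pfc_flags, drep, frag_len, auth_len, call_id


def build_bind(call_id=1):
    """Build a connection-oriented DCE/RPC v5 bind PDU for the EPM interface (72 bytes)."""
    body = struct.pack("<HHI", 5840, 5840, 0)               # max_xmit_frag, max_recv_frag, assoc_group_id
    body += struct.pack("<BBH", 1, 0, 0)                    # one presentation context element
    body += struct.pack("<HBB", 0, 1, 0)                    # context id 0, one transfer syntax
    body += EPM_IFACE.bytes_le + struct.pack("<HH", 3, 0)   # abstract syntax: EPM v3.0
    body += NDR_SYNTAX.bytes_le + struct.pack("<HH", 2, 0)  # transfer syntax: NDR v2.0
    # pfc_flags 0x03 = FIRST_FRAG | LAST_FRAG; frag_len covers the 16-byte header too
    return struct.pack(HDR, 5, 0, PTYPE_BIND, 0x03, DREP_LE_ASCII, 16 + len(body), 0, call_id) + body


def parse_bind_reply(pdu):
    """Classify the PDU a server sends back to the bind. Returns (verdict, detail):
    ("accepted", secondary_address)  the EPM interface answered on that port
    ("rejected", result_code)        bind_ack whose presentation context was refused
    ("bind_nak", reject_reason)      the server refused the association outright
    ("unexpected", ptype)            some other PDU type
    """
    if len(pdu) < 16:
        raise ValueError("PDU shorter than the 16-byte common header")
    vers, _minor, ptype, _flags, drep, frag_len, _auth, _call = struct.unpack(HDR, pdu[:16])
    if vers != 5 or (drep[0] >> 4) != 1:
        raise ValueError("not a little-endian DCE/RPC v5 PDU")
    if len(pdu) < frag_len:
        raise ValueError("truncated PDU: header claims %d bytes, got %d" % (frag_len, len(pdu)))
    if ptype == PTYPE_BIND_NAK:
        (reason,) = struct.unpack("<H", pdu[16:18])
        return ("bind_nak", reason)
    if ptype != PTYPE_BIND_ACK:
        return ("unexpected", ptype)
    # bind_ack body: max_xmit, max_recv, assoc_group, then port_any_t secondary address
    (addr_len,) = struct.unpack("<H", pdu[24:26])
    sec_addr = pdu[26:26 + addr_len].rstrip(b"\x00").decode("ascii", "replace")
    off = 26 + addr_len
    off += (-off) % 4                 # p_result_list is 4-byte aligned within the PDU
    n_results = pdu[off]
    if n_results == 0:
        return ("rejected", None)
    result, _reason = struct.unpack("<HH", pdu[off + 4:off + 8])
    return ("accepted", sec_addr) if result == 0 else ("rejected", result)


def recv_pdu(sock):
    """Read one PDU: the common header first, then the remainder per frag_length."""
    head = b""
    while len(head) < 16:
        chunk = sock.recv(16 - len(head))
        if not chunk:
            raise ConnectionError("peer closed before a full header arrived")
        head += chunk
    (frag_len,) = struct.unpack("<H", head[8:10])
    pdu = head
    while len(pdu) < frag_len:
        chunk = sock.recv(frag_len - len(pdu))
        if not chunk:
            break
        pdu += chunk
    return pdu


def probe(host, port=135, timeout=5.0):
    """("blocked", why) if nothing answers; otherwise the verdict from parse_bind_reply."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:                      # refused, timed out, unreachable
        return ("blocked", type(exc).__name__)
    with sock:
        try:
            sock.sendall(build_bind())
            return parse_bind_reply(recv_pdu(sock))
        except (OSError, ValueError) as exc:    # something answered, but not an endpoint mapper
            return ("open_but_not_rpc", type(exc).__name__)


def sample_bind_ack(result=0):
    """Constructed sample of the 60-byte bind_ack a Windows endpoint mapper returns (offline use)."""
    sec_addr = b"135\x00"
    body = struct.pack("<HHI", 5840, 5840, 0x1234) + struct.pack("<H", len(sec_addr)) + sec_addr
    body += b"\x00" * ((-(16 + len(body))) % 4)                 # pad result list to 4-byte alignment
    body += struct.pack("<BBH", 1, 0, 0) + struct.pack("<HH", result, 0)
    body += NDR_SYNTAX.bytes_le + struct.pack("<HH", 2, 0)
    return struct.pack(HDR, 5, 0, PTYPE_BIND_ACK, 0x03, DREP_LE_ASCII, 16 + len(body), 0, 1) + body


def sample_bind_nak(reason=0):
    """Constructed sample of a bind_nak: reject reason, then an empty protocol-version list."""
    body = struct.pack("<H", reason) + b"\x00"
    return struct.pack(HDR, 5, 0, PTYPE_BIND_NAK, 0x03, DREP_LE_ASCII, 16 + len(body), 0, 1) + body


if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]) if len(sys.argv) > 1 else parse_bind_reply(sample_bind_ack()))
```

Run it as `python probe135.py mail.example.com` from a host on the Internet side of your firewall; anything other than ("blocked", ...) means port 135 is reachable, and ("accepted", "135") means the endpoint mapper itself is answering and the server is exposed to the MS03-010 attack.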

Outlook (MAPI) and the Exchange Administrator program do use port 135 to locate the Exchange services, but there are alternatives to letting clients connect directly to the Exchange server over the Internet. Installing Outlook Web Access (OWA) with SSL gives users secure access to messaging while exposing only TCP port 443. For administration, a Windows 2000 system running Terminal Services lets you run Exchange Administrator on the inside and reach it over TCP 3389, which can be restricted to known addresses. A VPN covers both end-user and administrator access to internal resources without exposing any RPC port.

If, for some reason, you can't block port 135, you can upgrade the Exchange server's operating system from Windows NT 4.0 to Windows 2000 Server and then apply the MS03-010 patch for Windows 2000, provided the Exchange server isn't an NT 4.0 domain controller (upgrading a domain controller in place turns it into an Active Directory domain controller, which is a domain migration rather than a server upgrade). Alternately, you could build a Windows 2000 member server in your Windows NT 4.0 domain, patch it, install Exchange 5.5 into your existing site, and then move the mailboxes and connectors to the new server before retiring the NT 4.0 box.

Whatever your situation, don't ignore this vulnerability: an unpatched NT 4.0 server with port 135 exposed can be knocked off the network by anyone who can reach it. For more details, see Microsoft security bulletin MS03-010.
