(RPC) Service terminated unexpectedly

Ehhh... yea, download the fix! It's only 1.26MB

You could also block port 135,139 & 445 (UDP/TCP) in your firewall.

 

Well, I have had that port blocked for incomming traffic since the Mircrosoft Security article mentioned it, just to see how many times I would be scanned/probed. I have 3 computers on my network, but haven't had any problems with blocking incomming traffic on 135 (and 139).

I was probed 28 times on the 11th...

 

There are really no problems blocking INCOMING to Port 135 unless connecting to a MS Exchange server.. As a matter of fact, the Feds have sent notices to major ISP's recommending that they filter Port 135 at the ISP level. Here's what my ISP (COX) has to say:

http://support.cox.net/custsup/safety/port_135.shtml



Port 135 Block Implementation
Recently, the US Department of Homeland Security issued an advisory to Internet Service Providers, including Cox Communications. It warns of a potential network disruption due to a security loophole in the Windows 2000, XP, NT, and 2003 operating systems. This loophole may allow hackers unauthorized access to computers on our Cox High Speed Internet network and the Internet at large, using computer viruses or worms.

The government has called for the filtering of three ports (ports 135, 137 and 445) to prevent hackers from exploiting the security loopholes. A port is basically a point of connection for a specific type of program. For example, whenever a request is sent to display a web page like www.cox.net, it is sent to port 80. Cox currently filters (in both directions) two of the ports identified in the advisory -- ports 137 and 445. This prevents computers on the Internet from talking to your computer on these ports.

In the last week, the Cox Abuse department has seen a significant increase in the number of computers on our customer network that have been infected with viruses and worms; we are therefore complying with the Department of Homeland Security Advisory. The spread of infection is due to a high number of users operating exploitable versions of Microsoft Windows, primarily XP and 2000 (i.e. unpatched machines). Cox recommends that customers visit the Microsoft Windows Update website frequently to insure they are updating and protecting themselves from newly discovered exploits.

Cox anticipates the filter of port 135 will be implemented in all markets by August 10th, 2003.

Customers who use Microsoft Outlook to connect directly to a Microsoft Exchange server may no longer be able to connect when this port filter is applied. We recommend the use of a Virtual Private Network (VPN) to the company or group who operates the Exchange server. Please contact the network administrator or helpdesk for that company or group for additional details.

This does not affect customers who use Cox.net e-mail, Webmail, or connect to their Cox.net e-mail with Microsoft Outlook.

Cox makes every effort to avoid implementing port filters. In this case, we believe that the benefits of protecting the network and continuing to provide customers with the best performing service possible outweigh the possible impact to those customers connecting to Exchange servers.


Resources:
Department of Homeland Security Warning
Microsoft Windows Update


FAQ’s
Q: What will be filtered?
A: Port 135 in incoming (from the Internet to your computer)

Q: Why are you doing this now?
A: The US Government has called for the filtering of Port 135 to limit the spread of viruses and worms due to vulnerabilities in the Windows XP and 2000 operating systems; Cox is complying. Also, Cox has recently seen an increase in attempts to exploit these vulnerabilities; primarily in the Windows XP and 2000 operating systems and an increase in infected machines. Unfortunately, many customers have not applied the Windows updates that prevent these vulnerabilities from being exploited. These hacking attempts threaten your computer, the Cox network and the Internet at large, since hackers may attempt to use compromised systems to perform illegal online activity.

Q: Who will be affected?
A: Very few customers will be affected by this change. Customers who use Microsoft Outlook to connect directly to a Microsoft Exchange server may no longer be able to connect when this port filter is applied. Port 135 is generally used for connections to Exchange servers on corporate networks. These connections are rarely done over the open Internet.


Q: What if I need to connect to an Exchange server?
A: If Exchange server connections are impacted, we recommend you work with the owner of that server and establish a Virtual Private Network (VPN) connection. This will allow you to connect to that network with the additional advantage of encryption.

Q: How can I get updates for my machine?
A: Visit the Microsoft Windows Update site to get the latest patches and updates for the Windows Operating System.

Q: Is this a change to your Acceptable Usage Policy or Subscriber Agreement?
A: No, this change is made under the terms of the Subscriber Agreement called "Management of Network" which states "Cox reserves the right to manage its network for the greatest benefit of the greatest number of subscribers including, without limitation, the following: rate limiting, rejection or removal of "spam" or otherwise unsolicited bulk email, traffic prioritization, and protocol filtering." You can find the full Subscriber Agreement at: http://www.cox.com/.

Q. Has Cox blocked or filtered port 135 before?
A. Yes, Cox has previously filtered port 135 inbound to limit specific types of pop-ups called "netsend" messages. This blocking effort was partially rolled back after use of the exploit died down. Now, Cox will re-instate a complete filter for port 135 inbound. This will prevent your machine from being probed for the exploits.

Q: Will this filter fix my computer if it is infected?
A: No. It is only intended to limit the spread of the infection to additional machines. Consult anti-virus services such as McAfee or a PC repair professional for more information.