Check your EC2 security groups for inbound rules that allow unrestricted access (i.e. 0.0.0.0/0 or ::/0) to TCP port 135, and restrict access to only those IP addresses that require it. Doing so implements the principle of least privilege and reduces the possibility of a breach. Remote Procedure Call (RPC) port 135 is used for client/server communication by Microsoft Message Queuing (MSMQ, https://goo.gl/GycDGi) as well as other Microsoft Windows/Windows Server software.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Allowing unrestricted RPC access can increase opportunities for malicious activity such as hacking (backdoor command shell), denial-of-service (DoS) attacks and loss of data.
To determine if your EC2 security groups allow unrestricted RPC access, perform the following:
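The check described above can be expressed over the rule structure returned by the EC2 DescribeSecurityGroups API. This is an added example, not Cloud Conformity's own audit procedure; the group IDs and rules are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

RPC_PORT = 135

def covers_rpc(perm):
    """True if the rule's protocol and port range include TCP 135."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= RPC_PORT <= perm.get("ToPort", 65535)

def is_anywhere(cidr):
    """True for 0.0.0.0/0 and ::/0 (a zero-length prefix matches every address)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def unrestricted_rpc_findings(security_groups):
    """Return (GroupId, CIDR) pairs whose inbound rules expose TCP 135 to anyone."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            if not covers_rpc(perm):
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            findings += [(sg["GroupId"], c) for c in cidrs if is_anywhere(c)]
    return findings

def rule(proto, lo=None, hi=None, v4=(), v6=()):
    """Build one IpPermissions entry in the DescribeSecurityGroups shape."""
    perm = {"IpProtocol": proto,
            "IpRanges": [{"CidrIp": c} for c in v4],
            "Ipv6Ranges": [{"CidrIpv6": c} for c in v6]}
    if lo is not None:
        perm.update(FromPort=lo, ToPort=hi)
    return perm

# Constructed sample data (group IDs are made up for this example)
SAMPLE_GROUPS = [
    {"GroupId": "sg-exact", "IpPermissions": [rule("tcp", 135, 135, v4=["0.0.0.0/0"])]},
    {"GroupId": "sg-range", "IpPermissions": [rule("tcp", 100, 200, v6=["::/0"])]},
    {"GroupId": "sg-all", "IpPermissions": [rule("-1", v4=["0.0.0.0/0"])]},
    {"GroupId": "sg-scoped", "IpPermissions": [rule("tcp", 135, 135, v4=["203.0.113.0/24"])]},
    {"GroupId": "sg-https", "IpPermissions": [rule("tcp", 443, 443, v4=["0.0.0.0/0"])]},
    {"GroupId": "sg-udp", "IpPermissions": [rule("udp", 135, 135, v4=["0.0.0.0/0"])]},
]

if __name__ == "__main__":
    for group_id, cidr in unrestricted_rpc_findings(SAMPLE_GROUPS):
        print(f"{group_id}: TCP {RPC_PORT} open to {cidr}")
```

For a live account, pass the `SecurityGroups` list from `aws ec2 describe-security-groups` output in place of the sample data. Rules that cover port 135 through a wider port range or an all-traffic rule are flagged as well, since they expose RPC just the same.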
Remediation / Resolution
To update your security groups inbound/ingress configuration in order to restrict RPC access to specific entities (IP addresses, IP ranges and security groups), perform the following:
You are auditing:
Unrestricted RPC Access
Risk level: Medium