ports 135, 138-139, 443, 445 and 593

These ports expose the Microsoft Remote Procedure Call Services (RPCSS) interfaces to the network. In common practice the services enabled by RPCSS don't extend beyond the boundaries of the organizational intranet. In that case, common practice is to block inbound and outbound traffic on the ports at the network border.

RPCSS normally monitors UDP ports 135, 137, 138, and 445, and TCP ports 135, 139, 445, and 593, but it will also monitor ports 80 and 443 if COM Internet Services (CIS) or RPC over HTTP is enabled.

References:

• Microsoft Security Bulletin MS03-039: Buffer Overrun In RPCSS Service Could Allow Code Execution (824146)
• CA-2003-23 RPCSS Vulnerabilities in Microsoft Windows