October 25, 2008
There is some fuss about RPC on Windows platforms.[1] As usual, I recommend temporarily disabling RPC from starting up when Windows boots. RPC is nasty, and yet again a severe flaw has been found that attackers can abuse to take over a remote PC, and it doesn't require user interaction. An attacker can just send an RPC request remotely and take over your PC, including but not limited to using it to spread worms. It's highly recommended that you temporarily turn RPC off if you haven't already done so. I wrote a small script that can do it for you in Internet Explorer, if you trust me of course! If you haven't got Internet Explorer, you can do it manually as well.
Save the script as HTML and run it from your desktop or intranet.
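<script language="JavaScript">
// Registry value that holds the startup type of the RPC service (RpcSs).
var HKEY = "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\RpcSs\\Start";

function lockdownRPC() {
  try {
    // WScript.Shell is only available through ActiveX in Internet Explorer.
    var keylock = new ActiveXObject("WScript.Shell");
    // Start is a REG_DWORD; without the type argument RegWrite stores a string.
    // 0x00000004 = Disabled.
    keylock.RegWrite(HKEY, 0x00000004, "REG_DWORD");
    alert('RPC start value set to: 0x00000004, Run > services.msc > RPC and change the startup type to manually or disabled.');
    // Open the Services console so the startup type can be reviewed.
    keylock.Run("CMD /c services.msc");
  } catch (e) {
    // Raised when ActiveX is blocked or the key is not writable.
    alert('Key could not be altered, do it manually please.');
  }
}
</script>
<input type="button" value="Turn off RPC" onclick="lockdownRPC()">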
Be cautious when working with RPC: the above script disables RPC, which is something Windows normally does not allow. It is possible that some programs stop working after booting, so it is advised to set RPC to Manual in services.msc after running the script that unlocks the registry. If you want to do a rollback, just run the script again and enable RPC again.
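A read-only check to run before and after the change, added here as an example and not part of the original post: it reports the Start value in ControlSet001 (the set the script writes to) and in the control set Windows actually booted from, flags a value that is not stored as a DWORD, and saves what it found for a rollback. The backup file name is an assumption.

```powershell
# Added example (not the author's code): read-only audit of the value the page's
# script edits. Nothing here writes to the registry.
$service    = 'RpcSs'                                        # service named in the page's key
$backupFile = Join-Path $env:TEMP 'rpcss-start-backup.csv'   # hypothetical file name

# Meaning of the Start value under a Services key.
$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

# HKLM\SYSTEM\Select\Current holds the number of the control set Windows booted from.
$current   = (Get-ItemProperty 'HKLM:\SYSTEM\Select').Current
$activeSet = 'ControlSet{0:D3}' -f $current

# Audit the set the page's script writes to, plus the active one if it differs.
$sets = @('ControlSet001', $activeSet) | Select-Object -Unique

$report = foreach ($set in $sets) {
    $path = "HKLM:\SYSTEM\$set\Services\$service"
    if (-not (Test-Path $path)) { Write-Warning "$path not found"; continue }

    $key = Get-Item $path
    if ($key.GetValueNames() -notcontains 'Start') { Write-Warning "$path has no Start value"; continue }

    $value = $key.GetValue('Start')
    $kind  = $key.GetValueKind('Start')
    if ($kind -ne 'DWord') { Write-Warning "$path\Start is stored as $kind, expected DWord" }

    $meaning = 'Unknown'
    if ($kind -eq 'DWord' -and $startTypes.ContainsKey([int]$value)) { $meaning = $startTypes[[int]$value] }

    New-Object PSObject -Property @{
        ControlSet = $set
        Active     = ($set -eq $activeSet)
        Start      = $value
        Kind       = $kind
        Meaning    = $meaning
    }
}

# Keep the values seen now so a rollback can restore exactly what was there.
$report | Export-Csv -Path $backupFile -NoTypeInformation
$report | Format-Table ControlSet, Active, Start, Kind, Meaning -AutoSize
```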
[1] http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
source: OWASP News