I chose to approach it from both sides, I added access lists on our internal router and our external router to block such traffic. sh access-list listname displays several attempts at these ports... "Stratton, Doug MSER:EX" wrote: > > > Hello > Just wanted to check with the list to see if anyone has deployed this > patch and if so any problems. > > Anyone try the workaround where they block the ports: > Block UDP ports 138, 139, 445 and TCP ports 138, 139, 445 at your > firewall. > These ports are used to accept a Remote Procedure Call (RPC) > connection at a remote computer. Blocking them at the firewall will > help prevent systems behind that firewall from being attacked by > attempts to exploit this vulnerability. > > Or Disable the Workstation service. (I am assuming this is defiantly > a no go)