Hi Pondus,
Good that you always check the VT results I present. You are my VT scan conscience and second op also.
Yes, the vulnerability for port 135 open is long known and the first versions of this check tool came in many versions from 11 years ago.
Still it is being checked, and also recently here:
https://malwr.com/analysis/ZDkzMTllMjJhM2UxNDdkZTg2OWYxY2E4YzZmMzc2MmI/when one does not need connection for epmap server, you can disble it through this tool, restart and enable again when you need it somehow. As the service come abused, it is good DCOMbobulator warns for the vulnerability and makes it possible to close down this service.
polonus