Gartner Issues Warning to Windows NT 4 Workstation Users

The blizzard of Microsoft security patches last Tuesday serves as a harsh reminder to organizations still running Windows NT 4.0 Workstation that you're on your own.

Analysts at Gartner are taking the opportunity to remind Windows NT 4.0 Workstation holdouts that if you've been unable to heed Microsoft's, Gartner's and others' warnings to get critical systems off Windows NT 4.0 Workstation, you should have other precautions in place.

Microsoft support for Windows NT 4.0 Workstation officially ended on June 30. However, Microsoft did reach back to support those users, and Windows 2000 Service Pack 2 users, in August when it released patches for critical security flaws in Internet Explorer that gave rise to Download.Ject.

On Oct. 12, however, Microsoft released 10 security bulletins, and seven of the bulletins included fixes for critical problems. Microsoft did not publicly issue patches for Windows NT 4.0 Workstation in that batch of patches. According to Gartner, Microsoft prepared the patches for customers paying for $200,000 custom support contracts.

Gartner is urging customers with Windows NT 4.0 Workstation to consider host-based intrusion prevention products and investigate other protections such as blocking specific ports and filtering Web content.

But Gartner also says customers must demand that Microsoft make the critical patches for Windows NT 4.0 Workstation public. "Gartner believes that Microsoft is being shortsighted in not publicly releasing fixes for critical holes in NTW4, and risks a public-relations nightmare if an attack based on the unpatched vulnerability shuts down a major corporation or government agency," analysts Michael Silver and Neil MacDonald write.

Garter estimates that between 10 percent and 20 percent of enterprise PCs still run Windows NT 4.0 Workstation.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Basic Authentication Extended to 2H 2021 for Exchange Online Users

    Microsoft is now planning to disable Basic Authentication use with its Exchange Online service sometime in the "second half of 2021," according to a Friday announcement.

  • Microsoft Offers Endpoint Configuration Manager Advice for Keeping Remote Clients Patched

    Microsoft this week offered advice for organizations using Microsoft Endpoint Configuration Manager with remote Windows systems that need to get patched, and it also announced Update 2002.

  • Azure Edge Zones Hit Preview

    Azure Edge Zones, a new edge computing technology from Microsoft designed to enable new scenarios for developers and partners, emerged as a preview release this week.

  • Microsoft Shifts 2020 Events To Be Online Only

    Microsoft is shifting its big events this year to be online only, including Ignite 2020.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.