Patches Provided for Windows NT 4 Despite End of Support

Operating in the gray area between support and non-support, Microsoft chose to freely distribute the one new security bulletin that affected Windows NT Server 4.0 on Tuesday, 11 days after official support of the operating system expired.

Microsoft released three security bulletins on Tuesday (See related story).

For one of the two critical bulletins, MS05-002, Microsoft chose to provide a patch for free to all customers on Windows NT Server 4.0. Officially, support for Windows NT Server 4.0 ended on Dec. 31, 2004. Even that support deadline is a gray area, however. Microsoft is offering custom support contracts for up to two years for customers who are committed to migrating to a later version of Windows. The contracts cost a reported $200,000 a year.

As part of the contracts, Microsoft pledged to provide Windows NT 4.0 patches for all security flaws rated critical or important. Microsoft officials also say they will provide those patches for free to all customers for that subset of critical flaws that are extremely severe.

In this case, however, Microsoft's security team was just caught between the extended support phase in December and the new custom support phase.

"The majority of the steps that are required to address this vulnerability were completed before [the support deadline]. Therefore, we have decided to release a security update for this operating system version as part of this security bulletin," according to Microsoft's bulletin documentation.

"We do not anticipate doing this for future vulnerabilities that may affect this operating system version, but we reserve the right to produce updates and to make these updates available when necessary," the bulletin stated.

Microsoft reiterated that it should be a priority for customers to migrate from Windows NT Server 4.0 to supported operating systems as quickly as possible.

Bulletin MS05-002 fixed two flaws, one critical and one important. Both are patched for Windows NT Server 4.0. Microsoft also tested Windows NT 4.0 against the flaws patched in the other bulletins released on Tuesday. Neither affected the aging operating system. However, most customers running Windows NT Server 4.0 will be affected by the critical flaw in bulletin MS05-001. That flaw affects Internet Explorer 6.0 Service Pack 1, and customers who wanted support for Windows NT 4.0 were required to use that version of Microsoft's browser. A separate patch is available to protect IE 6 SP1 against the vulnerability.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Microsoft Starting To Roll Out New Excel Connected Data Types

    Microsoft on Thursday announced some Excel and Power BI enhancements that add "connected data types" on top of the standard strings and numbers options.

  • Windows 10 Users Getting New Process for Finding Optional Driver Updates

    Accessing Windows 10 drivers classified as "optional updates" will be more of a manual seek-and-install type of experience, starting on Nov. 5, 2020, Microsoft explained in a Wednesday announcement.

  • Microsoft Changes Privacy Platform Name to SmartNoise

    Microsoft Research has changed the name of its "differential privacy" platform from "WhiteNoise" to "SmartNoise," according to a Wednesday announcement.

  • Why Restarting a Failed SCVMM Job Might Be a Bad Idea

    Occasionally, restarting a failed System Center Virtual Machine Manager job can leave your virtualization infrastructure in an unknown state. Here's how to avoid that.

comments powered by Disqus