Patches Provided for Windows NT 4 Despite End of Support

Operating in the gray area between support and non-support, Microsoft chose to freely distribute the one new security bulletin that affected Windows NT Server 4.0 on Tuesday, 11 days after official support of the operating system expired.

Microsoft released three security bulletins on Tuesday (See related story).

For one of the two critical bulletins, MS05-002, Microsoft chose to provide a patch for free to all customers on Windows NT Server 4.0. Officially, support for Windows NT Server 4.0 ended on Dec. 31, 2004. Even that support deadline is a gray area, however. Microsoft is offering custom support contracts for up to two years for customers who are committed to migrating to a later version of Windows. The contracts cost a reported $200,000 a year.

As part of the contracts, Microsoft pledged to provide Windows NT 4.0 patches for all security flaws rated critical or important. Microsoft officials also say they will provide those patches for free to all customers for that subset of critical flaws that are extremely severe.

In this case, however, Microsoft's security team was just caught between the extended support phase in December and the new custom support phase.

"The majority of the steps that are required to address this vulnerability were completed before [the support deadline]. Therefore, we have decided to release a security update for this operating system version as part of this security bulletin," according to Microsoft's bulletin documentation.

"We do not anticipate doing this for future vulnerabilities that may affect this operating system version, but we reserve the right to produce updates and to make these updates available when necessary," the bulletin stated.

Microsoft reiterated that it should be a priority for customers to migrate from Windows NT Server 4.0 to supported operating systems as quickly as possible.

Bulletin MS05-002 fixed two flaws, one critical and one important. Both are patched for Windows NT Server 4.0. Microsoft also tested Windows NT 4.0 against the flaws patched in the other bulletins released on Tuesday. Neither affected the aging operating system. However, most customers running Windows NT Server 4.0 will be affected by the critical flaw in bulletin MS05-001. That flaw affects Internet Explorer 6.0 Service Pack 1, and customers who wanted support for Windows NT 4.0 were required to use that version of Microsoft's browser. A separate patch is available to protect IE 6 SP1 against the vulnerability.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Basic Authentication Extended to 2H 2021 for Exchange Online Users

    Microsoft is now planning to disable Basic Authentication use with its Exchange Online service sometime in the "second half of 2021," according to a Friday announcement.

  • Microsoft Offers Endpoint Configuration Manager Advice for Keeping Remote Clients Patched

    Microsoft this week offered advice for organizations using Microsoft Endpoint Configuration Manager with remote Windows systems that need to get patched, and it also announced Update 2002.

  • Azure Edge Zones Hit Preview

    Azure Edge Zones, a new edge computing technology from Microsoft designed to enable new scenarios for developers and partners, emerged as a preview release this week.

  • Microsoft Shifts 2020 Events To Be Online Only

    Microsoft is shifting its big events this year to be online only, including Ignite 2020.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.