Microsoft Refuses To Fix NT 4.0 Exploit

shmigget writes "The Register is reporting that Microsoft is throwing in the towel as far as NT 4 is concerned on the latest security flaw to affect Windows 2000, XP, and NT 4. They quote Microsoft as saying 'The architectural limitations of Windows NT 4.0 do not support the changes that would be required to remove this vulnerability.'" There still is a workaround for NT 4.0. Instead of patching the problem, it's advised to firewall off port 135 on an affected machine.

No surprise

[jawtheshark]

I mean, NT4 is close to it's end of life .

No, I don't like it... but support for NT4 is dropped at 30 june 2003 and that's not really far away.

Re:No surprise

[questionlp]

That maybe the case for NT 4.0 Workstation, but NT 4.0 Server has a different EOL/End of Support timeline (according to Microsoft):
http://www.microsoft.com/ntserver/ProductInfo/Avai lability/Retiring.asp

The key part of that page is:

January 1, 2005 Beginning on this date, Pay-per-incident and Premier support will no longer be available. This includes security hotfixes.

On the page that you linked to, the end date for System Builder (ie: OEM) availability for NT 4.0 Workstation is 30 June 2003 whereas the end date for online support is 30 June 2004.

Re:No surprise

[questionlp]

Whoops... forgot to paste another part of that page:

January 1, 2004 Beginning on this date, non-security hotfixes are no longer available.

Considering that this is a security vulnerability that they are talking about, Microsoft needs to look at what they committed to their customers in that timeline and better get a fix out ASAP!