Microsoft Refuses To Fix NT 4.0 Exploit

← Back to Stories (view on slashdot.org)

Microsoft Refuses To Fix NT 4.0 Exploit

Posted by CowboyNeal on Thursday March 27, 2003 @07:38AM from the no-visible-means-of-support dept.

shmigget writes "The Register is reporting that Microsoft is throwing in the towel as far as NT 4 is concerned on the latest security flaw to affect Windows 2000, XP, and NT 4. They quote Microsoft as saying 'The architectural limitations of Windows NT 4.0 do not support the changes that would be required to remove this vulnerability.'" There still is a workaround for NT 4.0. Instead of patching the problem, it's advised to firewall off port 135 on an affected machine.

6 of 664 comments (clear)

Min score:

Reason:

Sort:

ZoneAlarm by yycs · 2003-03-27 07:40 · Score: 5, Funny

So in effect, ZoneAlarm could be considered as a patch for this problem??
No surprise by jawtheshark · 2003-03-27 07:41 · Score: 5, Informative

I mean, NT4 is close to it's end of life .
No, I don't like it... but support for NT4 is dropped at 30 june 2003 and that's not really far away.

--
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
1. Re:No surprise by MyPantsAreOnFire! · 2003-03-27 07:49 · Score: 5, Insightful
  
  Very true. I agree that all products have their lifecycles, and NT 4 is most definitely near the end of its cycle.
  
  However, support for NT4 is dropped on June 30th, NOT March 26th. They should still support their products with something better than a half-assed work around.
  
  How can we trust that Win 2003 support will end 4 years after its release, and not when they come across a "really difficult" problem that may require some thought and work?
  
  --
  --My other sig is a ferrari.
2. Re:No surprise by questionlp · 2003-03-27 07:49 · Score: 5, Informative
  
  That maybe the case for NT 4.0 Workstation, but NT 4.0 Server has a different EOL/End of Support timeline (according to Microsoft):
  http://www.microsoft.com/ntserver/ProductInfo/Avai lability/Retiring.asp
  The key part of that page is:
  January 1, 2005 Beginning on this date, Pay-per-incident and Premier support will no longer be available. This includes security hotfixes.
  On the page that you linked to, the end date for System Builder (ie: OEM) availability for NT 4.0 Workstation is 30 June 2003 whereas the end date for online support is 30 June 2004.
3. Re:No surprise by questionlp · 2003-03-27 07:51 · Score: 5, Informative
  
  Whoops... forgot to paste another part of that page:
  
  January 1, 2004 Beginning on this date, non-security hotfixes are no longer available.
  
  Considering that this is a security vulnerability that they are talking about, Microsoft needs to look at what they committed to their customers in that timeline and better get a fix out ASAP!
Re:How much by G+Money · 2003-03-27 07:47 · Score: 5, Insightful

You're kidding, right? The clients I work with are predominantly NT based because the of the license/security issues surrounding Microsoft and they don't want to be lead deeper into the licensing pit that is Microsoft. Granted, NT is very old, but if you have to pay that much for an NT server license, you're going to want to get your moneys worth for it (if that's at all possible).