Microsoft NT Workstation 4 customers must take 'immediate action' to protect themselves

Powered by SC Magazine
 

Companies running Microsoft NT Workstation 4 (NT4) must take "immediate action to protect" themselves in the wake of Microsoft's announcement of 10 Windows security vulnerabilities on 12 October 2004, according to research firm Gartner.

A newly published advisory by Gartner analsyts Michael Silver and Neil MacDonald said that although Microsoft has recently unveiled the multiple vulnerabilities affecting various versions of Windows and issued patches for them, the company has not publicly issued patches for NT4, because security support for that version ended on 30 June 2004.

Although Gartner estimates that between 10 per cent to 20 per cent of enterprise PCs still run NT4, Microsoft ended security fix support for NT4 on 30 June 2004, claiming the eight-year-old NT4 is no longer supportable.

Gartner said it "disagrees with this claim", because the code base for NT Server, which Microsoft does still support, and NT4 are largely the same.

"Microsoft's solution for customers running NT4 is for them to follow Microsoft mitigation and work-around instructions when they are provided, migrate to a supported version of Windows, pay Microsoft $200,000 for a custom support contract or wait for a patch that Microsoft would issue to the public after an attack occurs," the Gartner advisory stated.

The analyst firm went on to point out that Microsoft has already developed NT4 patches for customers that have paid for custom support, but says it does not want to give users a false sense of security by breaking its policy and releasing these fixes publicly.

Gartner accused Microsoft of being shortsighted in not publicly releasing fixes for critical holes in NT4, adding that the software gaint risks a "public-relations nightmare" if an attack based on the unpatched vulnerability shuts down a major corporation or government agency.

Gartner urged Microsoft to set a higher standard for the security support of older software products, and to immediately extend fixes to NT4.

Silver and MacDonald's analysis states that Gartner has previously advised companies to migrate critical systems off NT4 to Windows 2000 or Windows XP Professional. However, to avoid a forced upgrade, those still using the platform should consider host-based intrusion prevention products and investigate alternative ways of shielding systems - for example, by blocking specific ports and filtering web content.

Firms could also consider paying Microsoft for custom support if their company is highly risk-averse or demand that Microsoft make the NT4 critical patches public.

www.gartner.com

Copyright © SC Magazine, US edition


 
 
 
Top Stories
Parliament passes law to let ASIO tap entire internet
Greens effort to limit devices fails.
 
Business-focused Windows 10 brings back the Start menu
Microsoft skips 9 for the "greatest enterprise platform ever".
 
Feeling Shellshocked?
Stay up to date with patching for the Bash bug.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Constantly rushing to the printer to stop other people seeing your printouts?
Sep 24, 2014
Lexmark's latest family of small-business printers include a feature that lets you stop anyone ...
This 4G smartphone costs $219
Sep 3, 2014
It's possible to spend a lot less on a smartphone if you're prepared to go with a brand you ...
Looking for storage? Seagate has five new small business NAS devices
Aug 22, 2014
Seagate has announced a new portfolio of Networked Attached Storage (NAS) solutions specifically ...
Run a small business in western Sydney?
Aug 15, 2014
This event might be of interest if you're looking to meet other people with a similar interest ...
Buying a tablet? Microsoft's Surface Pro 3 goes on sale this month
Aug 8, 2014
Microsoft has announced its Surface Pro 3 will go on sale in Australia on 28 August from ...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  66%
 
Advanced persistent threats
  5%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  12%
TOTAL VOTES: 1384

Vote