Microsoft NT Workstation 4 customers must take 'immediate action' to protect themselves

Powered by SC Magazine
 

Companies running Microsoft NT Workstation 4 (NT4) must take "immediate action to protect" themselves in the wake of Microsoft's announcement of 10 Windows security vulnerabilities on 12 October 2004, according to research firm Gartner.

A newly published advisory by Gartner analsyts Michael Silver and Neil MacDonald said that although Microsoft has recently unveiled the multiple vulnerabilities affecting various versions of Windows and issued patches for them, the company has not publicly issued patches for NT4, because security support for that version ended on 30 June 2004.

Although Gartner estimates that between 10 per cent to 20 per cent of enterprise PCs still run NT4, Microsoft ended security fix support for NT4 on 30 June 2004, claiming the eight-year-old NT4 is no longer supportable.

Gartner said it "disagrees with this claim", because the code base for NT Server, which Microsoft does still support, and NT4 are largely the same.

"Microsoft's solution for customers running NT4 is for them to follow Microsoft mitigation and work-around instructions when they are provided, migrate to a supported version of Windows, pay Microsoft $200,000 for a custom support contract or wait for a patch that Microsoft would issue to the public after an attack occurs," the Gartner advisory stated.

The analyst firm went on to point out that Microsoft has already developed NT4 patches for customers that have paid for custom support, but says it does not want to give users a false sense of security by breaking its policy and releasing these fixes publicly.

Gartner accused Microsoft of being shortsighted in not publicly releasing fixes for critical holes in NT4, adding that the software gaint risks a "public-relations nightmare" if an attack based on the unpatched vulnerability shuts down a major corporation or government agency.

Gartner urged Microsoft to set a higher standard for the security support of older software products, and to immediately extend fixes to NT4.

Silver and MacDonald's analysis states that Gartner has previously advised companies to migrate critical systems off NT4 to Windows 2000 or Windows XP Professional. However, to avoid a forced upgrade, those still using the platform should consider host-based intrusion prevention products and investigate alternative ways of shielding systems - for example, by blocking specific ports and filtering web content.

Firms could also consider paying Microsoft for custom support if their company is highly risk-averse or demand that Microsoft make the NT4 critical patches public.

www.gartner.com

Copyright © SC Magazine, US edition


 
 
 
Top Stories
Beyond ACORN: Cracking the infosec skills nut
[Blog post] Could the Government's cybercrime focus be a catalyst for change?
 
The iTnews Benchmark Awards
Meet the best of the best.
 
Telstra hands over copper, HFC in new $11bn NBN deal
Value of 2011 deal remains intact.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Xero prepares for key feature coming in 2015
Dec 19, 2014
Xero users will be able to track how their business is comparing to other Xero users.
More 4G from Optus in Darwin
Nov 21, 2014
Click to see where Optus has expanded coverage to the suburbs near Darwin.
Optus steps up regional 4G coverage
Nov 20, 2014
Once 700Mhz services are working, Optus claims regional users will have a "faster and more ...
This Huawei 4G phone costs $99
Nov 12, 2014
The $99 Huawei Ascend Y550, available through Vodafone, enters the budget market as one of the ...
4G smartphones: Microsoft's Lumia 830
Nov 7, 2014
Microsoft has announced its flagship Windows Phone, the Nokia Lumia 830 4G, will be available in ...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1803

Vote
Do you support the abolition of the Office of the Information Commissioner?