Microsoft NT Workstation 4 customers must take 'immediate action' to protect themselves

Powered by SC Magazine
 

Companies running Microsoft NT Workstation 4 (NT4) must take "immediate action to protect" themselves in the wake of Microsoft's announcement of 10 Windows security vulnerabilities on 12 October 2004, according to research firm Gartner.

A newly published advisory by Gartner analsyts Michael Silver and Neil MacDonald said that although Microsoft has recently unveiled the multiple vulnerabilities affecting various versions of Windows and issued patches for them, the company has not publicly issued patches for NT4, because security support for that version ended on 30 June 2004.

Although Gartner estimates that between 10 per cent to 20 per cent of enterprise PCs still run NT4, Microsoft ended security fix support for NT4 on 30 June 2004, claiming the eight-year-old NT4 is no longer supportable.

Gartner said it "disagrees with this claim", because the code base for NT Server, which Microsoft does still support, and NT4 are largely the same.

"Microsoft's solution for customers running NT4 is for them to follow Microsoft mitigation and work-around instructions when they are provided, migrate to a supported version of Windows, pay Microsoft $200,000 for a custom support contract or wait for a patch that Microsoft would issue to the public after an attack occurs," the Gartner advisory stated.

The analyst firm went on to point out that Microsoft has already developed NT4 patches for customers that have paid for custom support, but says it does not want to give users a false sense of security by breaking its policy and releasing these fixes publicly.

Gartner accused Microsoft of being shortsighted in not publicly releasing fixes for critical holes in NT4, adding that the software gaint risks a "public-relations nightmare" if an attack based on the unpatched vulnerability shuts down a major corporation or government agency.

Gartner urged Microsoft to set a higher standard for the security support of older software products, and to immediately extend fixes to NT4.

Silver and MacDonald's analysis states that Gartner has previously advised companies to migrate critical systems off NT4 to Windows 2000 or Windows XP Professional. However, to avoid a forced upgrade, those still using the platform should consider host-based intrusion prevention products and investigate alternative ways of shielding systems - for example, by blocking specific ports and filtering web content.

Firms could also consider paying Microsoft for custom support if their company is highly risk-averse or demand that Microsoft make the NT4 critical patches public.

www.gartner.com

Copyright © SC Magazine, US edition


 
 
 
Top Stories
Westpac committed to core banking plan
[Blog post] Now with leadership.
 
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
 
Photos: Unboxing the Magnus supercomputer
Pawsey's biggest beast slots into place.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Apple's top MacBook Pro with Retina is now cheaper
Aug 1, 2014
Apple has updated its MacBook Pro range with faster processors and new pricing, including ...
Pass on carbon tax savings, warns ACCC
Jul 24, 2014
The ACCC is warning businesses that supply "regulated goods" to pass on any cost savings ...
Have customers that won't pay debts?
Jul 10, 2014
The ACCC and ASIC have updated their advice when it comes to collecting debts.
Carpet cleaner faces court over online testimonials
Jul 4, 2014
The ACCC has initiated proceedings against A Whistle (1979) Pty Ltd, the franchisor of Electrodry...
You can now get 15GB of free online storage using Microsoft OneDrive
Jun 25, 2014
Cloud storage has reached both the capacity and price where it's a viable alternative to local ...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  30%
 
Application integration concerns
  3%
 
Security and compliance concerns
  27%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  22%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 1166

Vote