Microsoft NT Workstation 4 customers must take 'immediate action' to protect themselves

Powered by SC Magazine
 

Companies running Microsoft NT Workstation 4 (NT4) must take "immediate action to protect" themselves in the wake of Microsoft's announcement of 10 Windows security vulnerabilities on 12 October 2004, according to research firm Gartner.

A newly published advisory by Gartner analsyts Michael Silver and Neil MacDonald said that although Microsoft has recently unveiled the multiple vulnerabilities affecting various versions of Windows and issued patches for them, the company has not publicly issued patches for NT4, because security support for that version ended on 30 June 2004.

Although Gartner estimates that between 10 per cent to 20 per cent of enterprise PCs still run NT4, Microsoft ended security fix support for NT4 on 30 June 2004, claiming the eight-year-old NT4 is no longer supportable.

Gartner said it "disagrees with this claim", because the code base for NT Server, which Microsoft does still support, and NT4 are largely the same.

"Microsoft's solution for customers running NT4 is for them to follow Microsoft mitigation and work-around instructions when they are provided, migrate to a supported version of Windows, pay Microsoft $200,000 for a custom support contract or wait for a patch that Microsoft would issue to the public after an attack occurs," the Gartner advisory stated.

The analyst firm went on to point out that Microsoft has already developed NT4 patches for customers that have paid for custom support, but says it does not want to give users a false sense of security by breaking its policy and releasing these fixes publicly.

Gartner accused Microsoft of being shortsighted in not publicly releasing fixes for critical holes in NT4, adding that the software gaint risks a "public-relations nightmare" if an attack based on the unpatched vulnerability shuts down a major corporation or government agency.

Gartner urged Microsoft to set a higher standard for the security support of older software products, and to immediately extend fixes to NT4.

Silver and MacDonald's analysis states that Gartner has previously advised companies to migrate critical systems off NT4 to Windows 2000 or Windows XP Professional. However, to avoid a forced upgrade, those still using the platform should consider host-based intrusion prevention products and investigate alternative ways of shielding systems - for example, by blocking specific ports and filtering web content.

Firms could also consider paying Microsoft for custom support if their company is highly risk-averse or demand that Microsoft make the NT4 critical patches public.

www.gartner.com

Copyright © SC Magazine, US edition


 
 
 
Top Stories
Australia passes data retention into law
Mammoth last-ditch effort by Greens, indies knocked back.
 
Turnbull introduces bill to block piracy websites
Takes ownership of legislation from Brandis.
 
ATO to kill off e-Tax
Veteran software to be replaced by more modern myTax.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest articles on BIT Latest Articles from BIT
Xero now includes an inventory function built-in
Mar 26, 2015
Xero has added inventory and other major new features to the latest release of its cloud ...
Apple reveals its new MacBook
Mar 13, 2015
Replacing the MacBook Air as Apple's thinnest laptop, the new MacBook comes packed with features.
Xero has released a new version of its app for the iPad
Mar 6, 2015
iPad-wielding Xero users can now take advantage of a new version of the iOS app for the cloud ...
Microsoft is offering Azure for Disaster Recovery to Australian SMBs
Feb 10, 2015
If you haven't talked to your IT provider about disaster recovery, it might be worth discussing ...
The 2015 Xero Roadshow is on: here are the locations and dates
Feb 6, 2015
The 2015 Xero Roadshow kicked off this week - see where you can attend at locations around ...
Latest Comments
Polls
Do you support the Government's data retention scheme?

   |   View results
Yes
  8%
 
No
  92%
TOTAL VOTES: 1341

Vote