News

Gartner Issues Warning to Windows NT 4 Workstation Users

The blizzard of Microsoft security patches last Tuesday serves as a harsh reminder to organizations still running Windows NT 4.0 Workstation that you're on your own.

Analysts at Gartner are taking the opportunity to remind Windows NT 4.0 Workstation holdouts that if you've been unable to heed Microsoft's, Gartner's and others' warnings to get critical systems off Windows NT 4.0 Workstation, you should have other precautions in place.

Microsoft support for Windows NT 4.0 Workstation officially ended on June 30. However, Microsoft did reach back to support those users, and Windows 2000 Service Pack 2 users, in August when it released patches for critical security flaws in Internet Explorer that gave rise to Download.Ject.

On Oct. 12, however, Microsoft released 10 security bulletins, and seven of the bulletins included fixes for critical problems. Microsoft did not publicly issue patches for Windows NT 4.0 Workstation in that batch of patches. According to Gartner, Microsoft prepared the patches for customers paying for $200,000 custom support contracts.

Gartner is urging customers with Windows NT 4.0 Workstation to consider host-based intrusion prevention products and investigate other protections such as blocking specific ports and filtering Web content.

But Gartner also says customers must demand that Microsoft make the critical patches for Windows NT 4.0 Workstation public. "Gartner believes that Microsoft is being shortsighted in not publicly releasing fixes for critical holes in NTW4, and risks a public-relations nightmare if an attack based on the unpatched vulnerability shuts down a major corporation or government agency," analysts Michael Silver and Neil MacDonald write.

Garter estimates that between 10 percent and 20 percent of enterprise PCs still run Windows NT 4.0 Workstation.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Offers Support Extensions for Exchange 2016 and 2019

    Microsoft has introduced a paid Extended Security Update (ESU) program for on-premises Exchange Server 2016 and 2019, offering a crucial safety cushion as both versions near their Oct. 14, 2025 end-of-support date.

  • An image of planes flying around a globe

    2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Notebook

    Microsoft Centers AI, Security and Partner Dogfooding at MCAPS

    Microsoft's second annual MCAPS for Partners event took place Tuesday, delivering a volley of updates and directives for its partners for fiscal 2026.

  • Microsoft Layoffs: AI Is the Obvious Elephant in the Room

    As Microsoft doubles down on an $80 billion bet on AI this fiscal year, its workforce reductions are drawing scrutiny over whether AI's ascent is quietly reshaping its human capital strategy, even as official messaging avoids drawing a direct line.