News

Gartner Issues Warning to Windows NT 4 Workstation Users

• By Scott Bekker
• October 20, 2004

Analysts at Gartner are taking the opportunity to remind Windows NT 4.0 Workstation holdouts that if you've been unable to heed Microsoft's, Gartner's and others' warnings to get critical systems off Windows NT 4.0 Workstation, you should have other precautions in place.

Microsoft support for Windows NT 4.0 Workstation officially ended on June 30. However, Microsoft did reach back to support those users, and Windows 2000 Service Pack 2 users, in August when it released patches for critical security flaws in Internet Explorer that gave rise to Download.Ject.

On Oct. 12, however, Microsoft released 10 security bulletins, and seven of the bulletins included fixes for critical problems. Microsoft did not publicly issue patches for Windows NT 4.0 Workstation in that batch of patches. According to Gartner, Microsoft prepared the patches for customers paying for $200,000 custom support contracts.

Gartner is urging customers with Windows NT 4.0 Workstation to consider host-based intrusion prevention products and investigate other protections such as blocking specific ports and filtering Web content.

But Gartner also says customers must demand that Microsoft make the critical patches for Windows NT 4.0 Workstation public. "Gartner believes that Microsoft is being shortsighted in not publicly releasing fixes for critical holes in NTW4, and risks a public-relations nightmare if an attack based on the unpatched vulnerability shuts down a major corporation or government agency," analysts Michael Silver and Neil MacDonald write.

Garter estimates that between 10 percent and 20 percent of enterprise PCs still run Windows NT 4.0 Workstation.