News

Patches Provided for Windows NT 4 Despite End of Support

Operating in the gray area between support and non-support, Microsoft chose to freely distribute the one new security bulletin that affected Windows NT Server 4.0 on Tuesday, 11 days after official support of the operating system expired.

Microsoft released three security bulletins on Tuesday (See related story).

For one of the two critical bulletins, MS05-002, Microsoft chose to provide a patch for free to all customers on Windows NT Server 4.0. Officially, support for Windows NT Server 4.0 ended on Dec. 31, 2004. Even that support deadline is a gray area, however. Microsoft is offering custom support contracts for up to two years for customers who are committed to migrating to a later version of Windows. The contracts cost a reported $200,000 a year.

As part of the contracts, Microsoft pledged to provide Windows NT 4.0 patches for all security flaws rated critical or important. Microsoft officials also say they will provide those patches for free to all customers for that subset of critical flaws that are extremely severe.

In this case, however, Microsoft's security team was just caught between the extended support phase in December and the new custom support phase.

"The majority of the steps that are required to address this vulnerability were completed before [the support deadline]. Therefore, we have decided to release a security update for this operating system version as part of this security bulletin," according to Microsoft's bulletin documentation.

"We do not anticipate doing this for future vulnerabilities that may affect this operating system version, but we reserve the right to produce updates and to make these updates available when necessary," the bulletin stated.

Microsoft reiterated that it should be a priority for customers to migrate from Windows NT Server 4.0 to supported operating systems as quickly as possible.

Bulletin MS05-002 fixed two flaws, one critical and one important. Both are patched for Windows NT Server 4.0. Microsoft also tested Windows NT 4.0 against the flaws patched in the other bulletins released on Tuesday. Neither affected the aging operating system. However, most customers running Windows NT Server 4.0 will be affected by the critical flaw in bulletin MS05-001. That flaw affects Internet Explorer 6.0 Service Pack 1, and customers who wanted support for Windows NT 4.0 were required to use that version of Microsoft's browser. A separate patch is available to protect IE 6 SP1 against the vulnerability.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • An image of planes flying around a globe

    2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Notebook

    Microsoft Centers AI, Security and Partner Dogfooding at MCAPS

    Microsoft's second annual MCAPS for Partners event took place Tuesday, delivering a volley of updates and directives for its partners for fiscal 2026.

  • Microsoft Layoffs: AI Is the Obvious Elephant in the Room

    As Microsoft doubles down on an $80 billion bet on AI this fiscal year, its workforce reductions are drawing scrutiny over whether AI's ascent is quietly reshaping its human capital strategy, even as official messaging avoids drawing a direct line.

  • Microsoft CSPs To Start Selling Windows 10 ESU this Fall

    Organizations that want to extend the life of their Windows 10 PCs can begin buying extension plans from Microsoft's Cloud Solution Provider (CSP) partners on Sept. 1.