Windows NT: R.I.P.
NT 4.0 Can't Be Patched

From Tony Bradley, CISSP-ISSAP, for About.com

It's reminiscent of a scene from the TV show E.R. Dr. Pratt continues to call out orders to the nurses and charge the paddles, trying feverishly to shock the patient's heart back to life. Dr. Carter, looking on, knows that his efforts are futile and orders him to cease efforts to revive the patient and call the official time of death.

This may not have the drama of an E.R. episode, and it certainly doesn’t have the star appeal, but Microsoft may be ordering their customers to cease all efforts to revive Windows NT and call the official time of death.

With their latest security bulletin, MS03-010, Microsoft announced that there is a flaw in the RPC Endpoint Mapper which could allow for a denial of service attack. While the vulnerability exists in Windows NT 4, Windows 2000 and Windows XP, only Windows 2000 and XP have a patch available. The official statement from Microsoft regarding Windows NT 4 is:

“Although Windows NT 4.0 is affected by this vulnerability, Microsoft is unable to provide a patch for this vulnerability for Windows NT 4.0. The architectural limitations of Windows NT 4.0 do not support the changes that would be required to remove this vulnerability.”

They do provide a workaround to help prevent anyone from exploiting this vulnerability. Basically, RPC uses port 135. Microsoft recommends that all Windows NT 4.0 machines be placed behind a firewall which blocks incoming traffic on port 135. By doing so, the machine will be protected from an attack using this vulnerability from an external source. Of course, if an attacker finds some other way through the firewall, or you have a disgruntled employee inside, the computer itself will still be vulnerable.
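To confirm that the firewall rule is actually in effect, the following added example (not from Microsoft's bulletin or the original article) attempts a TCP connection to port 135 on each listed host from the machine it runs on. The host addresses are placeholders from the documentation range, and the function names `probe_tcp`, `audit_hosts` and `exposed` are illustrative.

```python
import errno
import socket
import sys

RPC_PORT = 135  # the port the workaround says to block


def probe_tcp(host, port=RPC_PORT, timeout=2.0):
    """Return 'open', 'closed', 'filtered' or 'error' for host:port as seen from here."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        code = sock.connect_ex((host, port))
    except OSError:
        return "error"  # e.g. the name did not resolve
    finally:
        sock.close()
    if code == 0:
        return "open"        # handshake completed: nothing blocked the connection
    if code == errno.ECONNREFUSED:
        return "closed"      # host answered with a reset: reachable, but no listener
    return "filtered"        # timeout or unreachable: consistent with a firewall drop


def audit_hosts(hosts, probe=probe_tcp):
    """Map each host to its port 135 state; 'open' means the block is not in effect."""
    return {host: probe(host) for host in hosts}


def exposed(results):
    """Hosts whose port 135 accepted a connection from this vantage point."""
    return sorted(h for h, state in results.items() if state == "open")


if __name__ == "__main__":
    # Placeholder addresses (documentation range); pass the real NT 4.0 hosts as arguments.
    targets = sys.argv[1:] or ["192.0.2.10", "192.0.2.11"]
    results = audit_hosts(targets)
    for host, state in results.items():
        print(f"{host}:{RPC_PORT} {state}")
    sys.exit(1 if exposed(results) else 0)
```

Run it from a machine outside the firewall to check the rule; running it from an inside machine shows which NT 4.0 hosts remain reachable to internal users, the case the workaround does not cover.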

Windows NT 4.0, in all its versions, is still widely used throughout the world. Microsoft has gone from Windows NT 4.0 to Windows 2000 to Windows XP, and will soon release Windows 2003 or .NET Server, all in the course of just a few years. Most companies are not in a position to entirely upgrade or replace their operating system every year or two.

Companies like to wait for new releases to be around a while and prove their security and stability before deciding to spend huge sums of money and time to roll out an upgrade. However, they also don’t want to buy yesterday’s technology if they know the hot new version is coming out soon. With the pace at which Microsoft has been introducing operating systems, it is difficult for a company to balance waiting for the operating system to prove itself with waiting for the new version to come out.

Windows NT 4.0 is by no means dead, but it's not far off. The monitor is flat-lining and the paddles are charging. Windows NT 4.0 is still a formidable operating system and it won’t disappear soon, but when you start having security vulnerabilities that CAN’T be fixed, companies and users start to have no choice but to switch operating systems. In the meantime, all you Windows NT 4.0 users, make sure you are behind a firewall blocking port 135.

©2009 About.com, a part of The New York Times Company.

All rights reserved.