Microsoft says NT 4.0 is too broken to fix
Recently, Microsoft has done a pretty good job plugging security holes in its operating systems, but it looks the latest vulnerability will go unpatched for Windows NT 4.0 systems. According to this story over at The Register, Microsoft is claiming that it can't patch NT 4:
"The architectural limitations of Windows NT 4.0 do not support the changes that would be required to remove this vulnerability," Microsoft says. "Windows NT 4.0 users are strongly encouraged to employ the workaround discussed in the FAQ in the bulletin, which is to protect the NT 4.0 system with a firewall that blocks Port 135."
Released on June 29th way back in 1996, NT 4.0 is certainly an older operating system, but Microsoft's own product life cycle
page suggests that security fixes should still be available for a couple of months. Check out this excerpt from Microsoft's security hotfix policy:
Business Windows Desktop Software: Security patches will be available through the end of the Extended Support phase (five years Mainstream phase + two years Extended Support phase) at no additional cost.
The very same web page even shows that Windows NT Workstation 4.0 won't enter its non-supported phase until June 30th of this year. What's more, Microsoft's own guide
to retiring Windows NT Server 4.0 clearly states that security fixes for that OS will be available until December 31st of 2004.
Depending on which version of NT 4.0 we consider, it looks like Microsoft is either cutting off security fix support a few months, or more than a year and a half early. That is, of course, unless you consider blocking port 135 with a firewall a security hotfix. Trustworthy computing indeed.