NT4.0 too flawed to fix – official
Insecure by design
There's a nasty rider with Microsoft's latest security problem for NT users.
Although a denial of service risk exists in an "important" security vulnerability, publicised yesterday affecting NT 4.0, Redmond tells users not to expect a patch for that operating system anytime soon.
Windows 2000 and XP users do have access to a fix, designed to address a flaw involving Endpoint Mapper, but the best on offer for Win NT users is advice to shelter vulnerable servers behind a firewall.
The vulnerability involves the Microsoft's implementation of Remote Procedure Call protocol, more specifically the component that deals with message exchange over TCP/IP. Malformed messages received by the Endpoint Mapper process, which listens on TCP/IP port 135, might cause a server to hang.
Microsoft has provided patches with this bulletin to correct this vulnerability for Windows 2000 and Windows XP, but not Windows NT 4.0 - even though the OS is affected.
In a surprisingly candid admission, the company states that fixing NT4.0 is simply too difficult.
"The architectural limitations of Windows NT 4.0 do not support the changes that would be required to remove this vulnerability," Microsoft says. "Windows NT 4.0 users are strongly encouraged to employ the workaround discussed in the FAQ in the bulletin, which is to protect the NT 4.0 system with a firewall that blocks Port 135."
Firewalling will probably keep external attackers at bay but the flaw gives attackers with intranet access considerable scope to crash, though not (it would seem root), inherently vulnerable NT4 boxes. ®