Windows NT4 Holdouts Open to Security Hole

Posted by bink on March 10 2005, 4:57 PM. Posted in Windows NT 4.

Hundreds of thousands of web sites that continue to run the Windows NT4 face a security dilemma, with no public patch available for a vulnerability in a key Windows networking protocol. The critical flaw in the Server Message Block (SMB) protocol could allow remote attackers to seize control of servers.

Microsoft addressed the SMB issue in its February security update. But the monthly Windows patches no longer include fixes for Windows NT4, which is beyond its end-of-life and remains vulnerable to SMB exploits, according to an advisory from eEye Security.

Microsoft retired NT Server 4.0 on Dec. 31, and now only offers custom paid support for the eight-year old OS. But about 1.1 percent of web-facing hostnames continue to run on Windows NT4, according to this month's Web Server Survey. Thousands of those hostnames are on SSL-enabled web sites which may be conducting e-commerce.

The SMB protocol allows Windows computers to share files and printers on a network. A flaw in the way SMB handles incoming data provides an opening for hackers. "An attacker who successfully exploited this vulnerability could take complete control of an affected system," Microsoft says in its advisory. "An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights." Continue At Source