As someone who still works with NT 4.0 servers in my professional life, I wasn’t thrilled when MS didn’t come up with a patch for an RPC vulnerability. On the other hand, I already have our NT 4.0 server behind a firewall with port 135 blocked, so it’s really not that big a deal. I probably wouldn’t have patched it anyway, since our setup removes the vulnerability through it’s design and I don’t have to rely on a MS patch for everything. (Not running a webserver eliminates most of the “danger” of running NT 4.0 right off the bat, as it would with any NOS.)
I also don’t really have to worry about whether MS eliminates support for NT 4.0, again, because the setup we have now works, and isn’t really in danger of being hacked because the only outside access to our network is through a firewalled T1 line that goes from our office to another office building of another company and sits behind all of their firewalls and proxies before it ever really comes in contact with the outside world through their ISP, which has another layer of security. You would have to breach their security to even find our network and then have to breach ours from within theirs to access anything. Believe me when I tell you though, there’s nothing on our network worth that much trouble. 🙂
Anyway, I don’t really need MS to continue supporting NT 4.0 until I replace the server hardware, or switch to running a webserver, in which case I would probably jump to 2000 anyway. (or 2003 depending on when this might happen) I think most small shops still running NT 4.0 probably will do the same, eventually. MS not patching this isn’t really a big deal to us, we’re used to “making do” with work-arounds.
Follow these topics: Uncategorized