DealsOnTheWeb Daily Deal: Kill a Dummy, Get some Wood
Microsoft Refuses To Patch NT4 Vulnerability
by , 8:00 AM EST, March 28th, 2003
Another security vulnerability has been reported with Microsoft's line of server operating systems. While such news is nothing new to long-time Microsoft watchers, the difference between the new issue and past ones lies in the response from Redmond. According to an article published in the Register, Windows XP and 2000 users need to install a patch but NT 4.0 users are simply out of luck. According to the article:
The vulnerability involves the Microsoft's implementation of Remote Procedure Call protocol, more specifically the component that deals with message exchange over TCP/IP. Malformed messages received by the Endpoint Mapper process, which listens on TCP/IP port 135, might cause a server to hang.
The Microsoft TechNet bulletin, issued to address the possible denial of service attack states that they will never correct the flaw for NT 4.0 because it would be too difficult and could cause application incompatibility. From the bulletin:
The Windows NT 4.0 architecture is much less robust than the more recent Windows 2000 architecture, Due to these fundamental differences ... it is infeasible to rebuild the software for Windows NT 4.0 to eliminate the vulnerability. To do so would require rearchitecting a very significant amount of the Windows NT 4.0 operating system, and not just the RPC component affected.
Unfortunately, Microsoft only offers one suggestion for the massive number of customers still using the older operating system. It strongly recommends placing all Windows NT 4.0 servers behind a firewall that blocks service to the affected port.
The Mac Observer Spin:
Despite the fact that Windows NT 4 is a discontinued product, it's horrible for Microsoft to just throw up its hands and declare that there is no, and never will be, a fix for the flaw. This is especially true since Microsoft freely admits fault through a flaw in its architecture. Also interesting to note is the fact that Microsoft didn't say it was impossible to fix, just that the company didn't want to spend the time to do it correctly.Given its tendency to strive for ever-increasing sales, this looks like a move to convince administrators it is in their best interest to upgrade. Not only is it proclaiming NT4 to have an unfixable flaw but even goes so far as to call it "much less robust" in comparison to its currently available server products. It wouldn't surprise us to see more of these unfixable bugs pop up in the not-so-distant future.
This raises an interesting issue of corporate responsibility. Should an organization such as the Federal Trade Commission force Microsoft to either fix the flaw or compensate the users in the form of a rebate on a new operating system? Just how long should a company have to keep issuing patches on discontinued software?
Observer Comments
Recent Headlines - Updated Saturday, November 29th, 2008
- Sat., 9:00 PM
- Podcast - Apple Weekly Report #135: Apple Lawsuits, Banned iPhone Ad, Green MacBook Ad
- Fri., 12:45 PM
- Podcast - Mac Geek Gab #178: Batch Permission Changes, Encrypting Follow-up, Re-Enabling AirPort, and GigE speeds
- Thu., 1:30 PM
- iPO Review - Scosche kickBACK iPhone case
- 7:00 AM
- Happy Thanksgiving from TMO!
- Wed., 6:00 PM
- TMO Appearances - Nancy Gravley Joins MacJury Gift Guide
- 5:15 PM
- TMO Visits The Bay, a Premium Apple Reseller in New Zealand
- 3:25 PM
- iPO Oh the Games You'll Play - iPhone: The Wii of Handheld Gaming Devices?
- 2:15 PM
- Sonnet Releases Simply Fast FireWire 800 to 400 Adapter
- 1:10 PM
- Mac Gaming News - Disney Plans 1st Annual PotC Online Thanksgiving Event
- 12:05 PM
- iPodObserver - UK Shuts Down iPhone 3G Ad
- 11:15 AM
- TMO Appearances - Jeff Gamet on MacJury Gift Guide
- 10:30 AM
- TMO Contest - TMO Announces Macworld Expo Pass Winners
- 9:50 AM
- PhotoCopy 1.1 Adds iPhoto Event Support
- 9:15 AM
- Acclivity Buys MYOB US
- 8:30 AM
- Review - Bento 2 Holiday Pack
- 7:50 AM
- Microsoft Offers Black Friday Office Discount
- 7:30 AM
- iPO Quick Tip - iPhone: Google Street View
The Mac Observer Reader Specials
- Download Typestyler, still the Ultimate Styling Tool for Internet, Print and Video Graphics. Works great in Classic with a Native OS X Version on the way. Free Tryout: www.typestyler.com
New MacPro Memory 800Mhz With Apple Spec Heat Sink - 2GB $72 / 4GB $104 / 8GB $204. Click to Maximize your Macs...
Mac observers can now play Party Poker for Mac as well as Mac casino games by going to MacPokerOnline.com.
RamJet Memory: Mac Pro FB-DIMMs: 2Gig kit $95, 4Gig Kit $179, 8Gig Kit $355! MacBook 2Gig Kit $78, 4Gig Kit $149! Click hereFor the latest Apple products use Ciao a comparison website to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate cell phones.
Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.
Marshmallow Popper Gun Shooter: $9.99 Delivered - Make the Yam Side Dish a Sporting Event 
OnSale's ThanksGiving Day/Black Friday Combo Sale - Turkey, Deals, and LeftOvers - The Holiday Trifecta! 
Fall Knuckle Deep into Dell Small Business's Black Friday Sale - Going on Now!!!!! 
File Your Nails Now - Overstock's Black Friday Sale is Coming! Get Great Gifts at Great Prices 
