Introduction:
Occasionally Microsoft issue a series of corrections and / or additions to an operating system after it's commercial release. The purpose of these additional patches is to:Windows NT 4.0 is the successor to the Windows NT 3.x release. In this release, the user interface from Windows 95 was integrated, making NT just as easy to use as its consumer counterpart. Internet Explorer was bundled, providing a web browser out of the box. Speed was improved by moving components into kernel-mode, at the expense of security and reliability - changes Windows is suffering. Hey, yesterday Ive finally got a sealed copy of Windows NT 4.0 Workstation in Danish. Its the only version of Windows from the 1990 era that Ive never tried out yet. Alongside the OEM disc there is also another disc in which SP4 is located. Ive been searching all around the Internet for SP6a in D.
- Remove a security exploit or vulnerability.
- Correct bugs or oversights in the original design of the Operating System.
- Enhance support for existing hardware or add support for new hardware produced after the OS release.
- Change the way hardware is supported to allow for unexpected behaviour.
- To change the way in which information in the OS is presented to ease operation, configuration or setup.
Internet Explorer 6 Service Pack 1 helps provide a private, reliable, and flexible browsing experience and the freedom to experience the best of the Internet for users of Windows XP, Windows Millennium Edition (Windows Me), Windows 2000, Windows 98, and Windows NT® 4.0 Service Pack 6a. Total download size for a typical installation is. Windows NT 4.0 Service Pack 6a Available The System policies that have been incorporated into the windows features is one of the key highlights of the Windows NT 4.0 The System policy editor allows you to edit the policies that are currently available on the server and that means that the system policy can be set by you giving you the primary.
For a more detailed summary of the terminology used by Microsoft to describe the types of patches and their ranking of importance see Knowledgebase article 824684 - Description of the Standard Terminology That is Used to Describe Microsoft Software Updates.
Service Packs are ALWAYS cumulative - that is, it is only necessary that you apply the most recently released one for your Operating System - all revisions which existed in previous Service Packs are included in the latest release. Hotfixes and Rollups are NOT cumulative and must be individually applied to a system - the order in which they are applied is also important.
A Service Pack, Hotfix or Rollup will automatically update all necessary files on the system - it is not necessary for you to manually copy, rename or delete any system files during their application. After the update completes, a shutdown and restart will occur to finalise the file replacements. This is required to allow NT to replace files that were in use or otherwise locked whilst the system is running.
NT 4.0 and Service Pack Status:
The table below outlines the history of Windows NT 4.0. The dates apply to all 'flavours' including Server, Workstation, Terminal Server Edition and Enterprise Edition unless otherwise noted.Title | Date Released | Support Ceased |
---|---|---|
Windows NT 4.0 OS (Build 1381) | 29 July 1996 | 31 December 2004 - See Note Below |
Service Pack 1 | 16 October 1996 | 14 March 1997 |
Service Pack 2 | 14 December 1996 | 15 August 1997 |
Service Pack 3 | 15 May 1997 | 25 January 1999 |
Service Pack 4 | 25 October 1998 | 4 August 1999 |
Service Pack 5 | 4 May 1999 | 30 February 2000 |
Service Pack 6a | 30 November 1999 | 30 June 2004 - See Note Below |
Post SP6a Security Rollup (SRP) | 26 July 2001 | 30 June 2004 - See Note Below |
Note: SECURITY ONLY hotfix support extended to 31 December 2004 for all versions EXCEPT Workstation. All support for Workstation ended on 30 Jun 2004. For further information, see these notes.
The current revision level for Windows NT 4.0 Workstation and Server is Service Pack 6a. To see what problems have been addressed in this and previous service packs, look at the following Knowledgebase articles:
- 241211 - List of Bugs Fixed in Windows NT 4.0 Service Pack 6/6a (Part 1)
- 244690 - List of Bugs Fixed in Windows NT 4.0 Service Pack 6/6a (Part 2)
- 225037 - List of Bugs Fixed in Windows NT 4.0 Service Pack 5 (Part 1)
- 244974 - List of Bugs Fixed in Windows NT 4.0 Service Pack 5 (Part 2)
- 150734 - List of Bugs Fixed in Windows NT 4.0 and Terminal Server Edition Service Pack 4 (Part 1)
- 194834 - List of Bugs Fixed in Windows NT 4.0 and Terminal Server Edition Service Pack 4 (Part 2)
- 224793 - List of Bugs Fixed in Windows NT 4.0 and Terminal Server Edition Service Pack 4 (Part 3)
- 224792 - List of Bugs Fixed in Windows NT 4.0 Service Pack 1, 2 and 3
- 152734 - How to Obtain the Latest Windows NT 4.0 Service Pack
Service Pack | Issues Addressed |
---|---|
Service Pack 1 | 9 |
Service Pack 2 | 142 |
Service Pack 3 | 181 |
Service Pack 4 | 713 |
Service Pack 5 | 239 |
Service Pack 6/6a | 278 |
Post SP6a SRP | 53 |
Total: | 1615 |
To verify your current Service Pack level do the following:
- Start
- Run
- Type winver in the box
- Press Enter
After Service Pack 6a is applied, you can then make your way through the list of hotfixes presented in the table below. My suggestion is to stick to the order presented unless you have good reasons for changing it. Most of the hotfixes are SECURITY related. If you have doubts about a vulnerability consult the relevant Security Bulletin from Microsoft (also a 'clickable' link in the table) for details.
WARNING: If you add software to your system:
- by using Control Panel > Add/Remove Programs > Windows NT Setup (that results in copying files from the original NT 4.0 install CD)
- or through normal software 'updating' system .dll files
Failure to follow correct procedure may result in STOP errors. To avoid this situation reapply the required Service Pack, Hotfixes and / or Rollups immediately after the original files have been copied from the NT 4.0 master CD and BEFORE the system is rebooted. If in doubt, ask for guidance.
A good file tracking application like FileImg from the Windows NT 4.0 Resource kit can simplify matters by making it clear whether anything on the base OS install has been modified or regressed.
If you want to check which hotfixes are installed on a system I recommend 'PSInfo', part of the PSTools package from SysInternals.
Check Security Status:
Bear Windows has written an excellent article on how to use MBSA (Microsoft Baseline Security Analyser) on NT4.0 systems. MBSA checks the security and patch status of many Windows components, not just the Operating System itself. It is located at: 'Problem 12: How to control security patches and critical updates installed in Windows NT/2K/XP/2003'Secunia run an excellent web site that tracks known vulnerbilities in computer software (including Operating Systems), their seriousness, and patches to correct the problems. Here are the links for Windows NT4.0:
Recommended Reading:
I suggest you consult the following Knowledgebase articles for a more detailed explanation of what problems you may encounter when applying Service Packs or Hotfixes (items in Bold are important):- 146887 - Repairing Windows NT After the Application of Service Pack 3
- 165418 - Before Installing a Windows NT Service Pack
- 166160 - Stop C000021a after Applying Windows NT 4.0 Service Pack
- 168132 - After Applying Service Pack NT Reports Single Processor
- 175960 - Err Msg: Service Pack Setup Could Not Find the Setup.log File in Your Repair Directory
- 196269 - When to Reinstall a Service Pack
- 196603 - Repair Windows NT After Installation of Service Pack 4 or Later
- 222507 - Incorrect Service Pack Level Displayed After Applying Hotfix
- 226798 - Desktop Icons Are Rearranged After You Install Windows NT Service Pack 4
- 236387 - Unable to Start Windows Explorer After Applying Service Pack 5
- 236954 - Error Message Repairing Windows NT After Installing Service Pack
- 248113 - Files That Are Not Removed When You Uninstall Service Pack 6 or 6a
- 249799 - Slow Network Performance with Service Pack 4, 5, 6, or 6a
- 255987 - Windows NT Service Pack Requires Logon with Local Administrator Permissions After Reboot
- 264450 - Reduced Working Set Size After Installing Windows NT Service Pack 6a
- 829302 - You Cannot Install a Service Pack, a Hotfix or Security Fix in Windows NT 4.0
How to Use This List:
The numbers of the Knowledgebase articles presented are 'clickable' links that will open the full text of the item (by going to the Support site at Microsoft.com) in a NEW browser window. Close the window to return to this site.Colour coding is used to signify the level of danger an unpatched system may encounter as follows:
RED | DANGER | NO PATCH EXISTS FOR THIS ISSUE. Notes may detail means by which the vulnerability can be lessened or negated. |
Pink | CRITICAL | It is VITAL that this patch be installed to ensure system safety. |
Light Grey | Required | Patch is STRONGLY recommended. |
Light Yellow | Optional | This patch may be important, but is only required in specific circumstances as detailed in the Notes. |
You can download the required patch from the Microsoft servers using the supplied link on the relevant Knowledgebase page. Hotfixes that have been obsoleted by more recent patches are NOT mentioned in this list, and do not have to be applied.
Please read the notes relating to the Service Pack or Hotfix before applying it to your system. In some cases, failure to follow the correct procedure when applying a patch may lead to an unbootable system.
Article Number | Title | Security Bulletin | Notes |
---|---|---|---|
242294 | MS99-041: Security Descriptor Allows Priviledge Elevation on Remote Computers | MS99-041 | None |
244599 | Fixes Required in TCSEC C2 Security Evaluation Configuration for Windows NT 4.0 Service Pack 6a | None | Apply Service Pack 6a First |
246009 | Windows NT 4.0 Service Pack 6a Available | None | None |
258437 | FIX: GetEffectiveRightsFromAcl() Fails in Service Pack 6 | None | Apply Service Pack 6a First |
272386 | Upgrade Prompt for Windows Media Player Appears Continually | None | Only Required if Media Player V6.4 Installed - Manual Registry Patch |
299444 | Post Windows NT 4.0 Service Pack 6a Security Rollup Package (SRP) | Additional Information Below | Requires Service Pack 6a First - Caution: See KB Articles 305462, 305929, 307866, 318420 and 326248 Before Applying |
300987 | Windows NT 4.0 Winbond Super I/O Floppy Disk Controller May Not Report Data Underrun or Overrun Condition Correctly | None | Only Required for Hardware Specified |
304158 | Patch for 'HyperTerminal Buffer Overflow' Vulnerability in Windows NT 4.0 | MS00-079 | Only Required if HyperTerminal Accessory is Installed |
307866 | You Cannot Log On to the Computer After You Run a Repair Process if SRP is Installed | None | Caution: Ensure This Hotfix Applied After Security Rollup 299444 |
314147 | MS02-006: An Unchecked Buffer in the SNMP Service May Allow Code to Run | MS02-006 | Only Required if SNMP Service is Installed |
318138 | MS02-029: Unchecked Buffer in Remote Access Service Phonebook Allows Code to Run | MS02-029 | None |
320206 | MS02-024: Authentication Flaw in Windows Debugger Can Cause Elevated Privileges | MS02-024 | None |
320920 | MS02-032: Windows Media Player Rollup Available | MS02-032 | Only Required if Media Player V6.4 Installed - This Patch Supersedes and Totally Replaces 308567, 320944, 321678 Manual Registry Patches Required - See KB Articles 272386 and 320944 for further details |
323172 | Flaw in Certificate Enrolment Control May Cause Digital Certificates to be Deleted | MS02-048 | None |
323255 | MS02-055: Unchecked Buffer in Windows Help Facility May Allow Attacker to Run Code | MS02-055 | Only Required if Hypertext Help Facility Installed |
326830 | MS02-045: Unchecked Buffer in Network Share Provider May Lead to Denial-of-Service | MS02-045 | None |
331953 | MS03-010: Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks | MS03-010 | Caution: No Available Patch for NT 4.0 - Ensure Port 135 is blocked by Firewall |
810833 | Unchecked Buffer in the Locator Service Might Permit Code to Run | MS03-001 | None |
814078 | MS03-008: Flaw in Windows Script Engine May Allow Code to Run | MS03-008 | Only Required if Microsoft Java Virtual Machine Installed |
815021 | MS03-007: Unchecked Buffer in Windows Component May Cause Web Server Compromise (ntdll.dll) | MS03-007 | None |
817606 | MS03-024: Buffer Overrun in Windows Could Lead to Data Corruption | MS03-024 | None |
819696 | MS03-030: Unchecked Buffer in DirectX Could Enable System Compromise | MS03-030 | Only Required if Media Player V6.4 or Internet Explorer V6.0 (SP1) Installed |
823559 | MS03-023: Buffer Overrun in the HTML Converter Could Allow Code Execution | MS03-023 | Only Required if HTML Authoring Software (eg: Office) Installed |
823803 | MS03-029: A Flaw in a Windows Function Might Allow Denial of Service | MS03-029 | Caution: See KB Article 825501 Before Applying - This Patch Refuses to Apply on a Workstation System (See Note 1) |
824105 | MS03-034: Flaw in NetBIOS Could Lead to Information Disclosure | MS03-034 | This Patch Refuses to Apply on a Workstation System (See Note 1) |
828035 | MS03-043: Buffer Overrun in Messenger Service Could Allow Code Execution | MS03-043 | Caution: See KB Article 831579 Before Applying |
828741 | MS04-012: Cumulative Update for Microsoft RPC/DCOM | MS04-012 | Danger: Known Security Exploit - Ensure this Hotfix is Applied. This Patch Supersedes and Totally Replaces 823980 (MS03-026) and 824146 (MS03-039) |
832353 | FIX: Some URL Script Commands Do Not Work After You Apply Windows Media Update From Knowledgebase Article 828026 | None | Only Required if Media Player V6.4 Installed. This Patch Supersedes and Totally Replaces 828026 See 828026 for Important Information on Setting Registry Controls |
835732 | MS04-011: Security Update for Microsoft Windows | MS04-011 | Danger: Critical Security Status - Ensure this Hotfix is Applied. This Patch Supersedes and Totally Replaces 329115 (MS02-050), 328310 (MS02-071), 811493 (MS03-013), 823182 (MS03-041), 824141 (MS03-045) and 828028 (MS04-007) Caution: See KB Article 841180 and 841384 Before Applying |
840987 | MS04-032: Security Update for Microsoft Windows | MS04-032 | This Patch Refuses to Apply on a Workstation System (See Note 2) |
841356 | MS04-037: Vulnerability in Windows Shell Could Allow Remote Code Execution | MS04-037 | This Patch Supersedes and Totally Replaces 839645 (MS04-024) |
841533 | MS04-031: Vulnerability in NetDDE Could Allow Remote Code Execution | MS04-031 | This Patch Refuses to Apply on a Workstation System (See Note 2) |
841872 | MS04-020: A Vulnerability in POSIX Could Allow Code Execution | MS04-020 | None |
870763 | MS04-045: Vulnerability in WINS Could Allow Remote Code Execution | MS04-045 | Only Required for Server System Providing WINS |
873339 | MS04-043: Vulnerability in HyperTerminal Could Allow Code Execution | MS04-043 | Only Required if HyperTerminal Accessory is Installed - This Patch Refuses to Apply on a Workstation System (See Note 2) |
873350 | MS04-029: Vulnerability in RPC Runtime Library Could Allow Information Disclosure and Denial of Service | MS04-029 | This Patch Refuses to Apply on a Workstation System (See Note 2) |
883935 | MS04-036: Vulnerability in NNTP Could Allow Code Execution | MS04-036 | Only Required for Server System Providing NNTP Service |
885249 | MS04-042: A Vulnerability in DHCP Could Allow Remote Code Execution and Denial of Service | MS04-042 | Only Required for Server System Providing DHCP Service |
885250 | MS05-011: Vulnerability in Server Message Block Could Allow Remote Code Execution | MS05-011 | Caution: No Available Patch for NT 4.0 - Primary Threat would be from SMB traffic within the LAN |
885834 | MS05-010: Vulnerability in the License Logging Service Could Allow Code Execution | MS05-010 | Only Required on a Server System Running Licensing Service |
885835 | MS04-044: Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege | MS04-044 | This Patch Refuses to Apply on a Workstation System (See Note 2) |
885836 | MS04-041: A Vulnerability in WordPad Could Allow Code Execution | MS04-041 | This Patch Refuses to Apply on a Workstation System (See Note 2) |
890175 | MS05-001: Vulnerability in HTML Help Could Allow Code Execution | MS05-001 | Only Required if Internet Explorer V6.0 or above is Installed Caution: See KB Articles 892641 and 892675 Before Applying |
891711 | MS05-002: Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution | MS05-002 | This Patch Refuses to Apply on a Workstation System (See Note 2) |
912919 | MS06-001: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution | MS06-001 | Caution: No Available Patch for NT 4.0 - Files of Type .wmf should be handled with care |
921883 | MS06-040: Vulnerability in Server Service Could Allow Remote Code Execution | MS06-040 | Caution: No Available Patch for NT 4.0 - Ensure TCP Ports 139 and 445 are blocked by Firewall |
Notes:
- Microsoft offer a patch for Workstation by making a request by phone or email to customer support. Alternately, see the procedure described here.
- These patches are officially 'unsupported' by Microsoft for use on a Workstation system. This is merely a commercial decision. The hotfix.inf can be adjusted to override this - see the procedure described here.
Additional Information Regarding the 'Post Service Pack 6a Security Rollup' (SRP - Hotfix Q299444):
The Security Rollup (SRP) is a single package which contains the following 53 hotfixes which had been previously released:
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Making the Latest Hotfixes Work on Workstation:
Microsoft have taken the extraordinary position of ending security hotfix support for Workstation 6 months prior to Server. I'm afraid I am left with no option but to conclude that this is a grubby commercial decision in the ongoing campaign of trying to kill NT4 off. If you check the 'Product Lifecycle' page at the Microsoft website, you will discover the NT4 (and specifically Workstation) has a remarkably SHORTER OS product lifecycle as compared to the latest releases. (Windows 2000, Windows XP and Windows Server 2003)
To attempt to shorten it's life still further, by denying users access to essential security patches, is unconscionable. It could be argued that it is essential that these hotfixes be applied if at all possible, to lessen any security risks exposed by the 'holes' in the OS. It could be further argued that Microsoft, in taking the deliberate step of refusing to offer these patches for Workstation, is attempting to convince customers that the OS is now 'unsafe' and should be upgraded. I also believe the timing of these hotfixes is extremely questionable. How convenient it is that such a major raft of serious security flaws are found only 3 months after support has ended.
I consider this further compelling evidence of a deliberate campaign to end Windows NT 4.0 whilst it is still a useful and active participant in general computing.
The reality is that the security hotfixes released after 30 June 2004, and that are supposedly 'NT4 Server only', are able to be used on Workstation equally as well. To adjust the patches for use, expand the contents of the downloaded .exe file (using a programme like WinZip) into a convenient folder. Make sure that all the content of the patch is grouped together in this one place. Manually edit the included hotfix.inf file in the package as described here:
Windows Nt 4 Sp6
Save the amended hotfix.inf in place of the original expanded from the supplied package. Apply the hotfix by simply double-clicking 'hotfix.exe'. The patch should now execute and apply normally.
ACKNOWLEDGMENT: This technique was first announced in October 2004 by Reed Darsey at www.networksecurityarchive.org. I have since independently verified it's accuracy, using Microsoft supplied 'Workstation enabled' patches for the items referred to in Knowledgebase articles 823803 and 824105.
Windows Nt 4.0 Service Pack 6a Download 64-bit
Cleaning Up a System After Hotfixes / Service Packs:
When Hotfix.exe or Update.sys replace files on a machine it builds a series of 'back out' folders with names in the form $NTUninstallxxxxxx$ (the xxxxxx section is unique for each patch applied and based on the Hotfix number) in the %systemroot% (usually this is WinNT). When you apply a Service Pack the creation of this 'back out' folder is optional, determined by a button you press at the EULA screen of the Service Pack.WARNING: Microsoft are inconsistent in their creation of 'back out' folders. In some instances, uninstall information is placed in a folder in 'Program FilesUninstall Information' instead.
If you are satisfied that the changes made to your system by Hotfixes and/or Service Packs are stable, and you no longer require the ability to be able to 'back out' of the changes, you can remove this uninstall information. This will often free considerable amounts of space in the boot partition. You may simply delete the corresponding $NTUninstall --- $ folder and all it's contents.
The Hotfix / Service Pack also adds an entry in the 'Add/Remove Programs' applet of Control Panel. In the interests of not causing future confusion, it is advisable that the uninstall entry be removed from the list, since deletion of the $NTUninstall --- $ folder has rendered the uninstall from Control Panel impossible.
To remove the redundant entries (they take the form of Qxxxxxx or KBxxxxxx) from the 'Add/Remove Programs' section of Control Panel, manual editing of the Registry is required. If you unfamiliar with this process, or unsure of what you are doing, seek out experienced assistance. Incorrectly editing the Registry can irreparably damage an NT installation.
Procedure:
Open the registry with RegEdit.exe. Navigate to the key:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall
Under this key you will find a subkey in the form Qxxxxxx or KBxxxxxx for each Hotfix / Service Pack applied. Delete the appropriate subkey for the hotfix that had it's 'back out' folder deleted.
WARNING: Service Packs / Hotfixes / Rollups also add an entry to the registry key:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionHotfix
DO NOT alter this entry in any fashion. These keys list what Hotfixes have been applied. (Programmes like Systems Internals 'PSInfo' use this information)
For more information on how a patch is applied using Hotfix.exe and Update.exe see the following Microsoft Knowledgebase articles:
- 184305 - How to Install and Remove Hotfixes with HOTFIX.EXE
- 262841 - Command-Line Switches for Windows Software Update Packages
- 824687 - Command-Line Switches for Microsoft Software Update Packages