Re: Alert: Microsoft Security Bulletin - MS03-039
From: Ben Reardon (ben.reardon_at_TELSTRA.COM)
Date: Thu, 11 Sep 2003 09:50:17 +1000 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
I thought there was an interesting subtle difference regarding
Microsoft’s treatment of legacy systems (such as NT4 WS, and W2K SP2)
between MS03-26 and MS03-39.
There seems to be a notable shift in the 'all care, no responsibility'
approach of MS02-36 to the fully tested support of MS03-39 (and even a
separate download for NT4 Workstation). Testimony to the fact there is
still so much NT4 still out there on the desks. I wonder where we will
be in Dec 04 when NT4 server support runs out. I seem to remember it’s
already been given a year or more grace.
Here is a cut from the two separate bulletins and how they deal with
NT4, win2000 SP2 treatment is similar.
This security patch will install on Windows NT 4.0 Workstation Service
Pack 6a. However, Microsoft no longer supports this version, according
to the Microsoft Support Lifecycle policy found at
http://support.microsoft.com/lifecycle. In addition, this security
patch has only received minimal testing on Windows NT 4.0 Workstation
Service Pack 6a. Customers are strongly advised to upgrade to a
supported version as soon as possible. Microsoft Product Support
Services will support customers who have installed this patch on
Windows NT 4.0 Workstation Service Pack 6a if a problem results from
installation of the patch.
Windows NT 4.0 Workstation has reached its end of life as previously
documented and Microsoft is not normally providing generally available
patches. However, due to the nature of this vulnerability, the fact
that the end-of-life occurred very recently, and the number of Windows
NT 4.0 Workstations currently in active use, Microsoft has decided to
make an exception for this vulnerability.
We do not anticipate doing this for future vulnerabilities, but reserve
the right to produce and make available patches when necessary. It
should be a priority for customers with existing Windows NT 4.0
Workstations to migrate those to supported platforms to prevent
exposure to future vulnerabilities.
---- Are You "Certifiable"? Summer's Hottest Certification Just Got HOTTER! With a growth rate exceeding 110%, the TICSA security practitioner certification is one of the hottest IT credentials available. And now, for a limited time, you can save 33% off of the TICSA certification exam! To learn more about the TICSA certification, and to register as a TICSA candidate online, just go to http://www.trusecure.com/offer/s0100/ ----