Re: Alert: Microsoft Security Bulletin - MS03-039

From: Ben Reardon (ben.reardon_at_TELSTRA.COM)
Date: 09/11/03

  • Next message: Russ: "Patch Solutions - survey"
    Date:         Thu, 11 Sep 2003 09:50:17 +1000

    I thought there was an interesting subtle difference regarding
    Microsoft’s treatment of legacy systems (such as NT4 WS, and W2K SP2)
    between MS03-26 and MS03-39.

    There seems to be a notable shift in the 'all care, no responsibility'
    approach of MS02-36 to the fully tested support of MS03-39 (and even a
    separate download for NT4 Workstation). Testimony to the fact there is
    still so much NT4 still out there on the desks. I wonder where we will
    be in Dec 04 when NT4 server support runs out. I seem to remember it’s
    already been given a year or more grace.

    Here is a cut from the two separate bulletins and how they deal with
    NT4, win2000 SP2 treatment is similar.

    This security patch will install on Windows NT 4.0 Workstation Service
    Pack 6a. However, Microsoft no longer supports this version, according
    to the Microsoft Support Lifecycle policy found at In addition, this security
    patch has only received minimal testing on Windows NT 4.0 Workstation
    Service Pack 6a. Customers are strongly advised to upgrade to a
    supported version as soon as possible. Microsoft Product Support
    Services will support customers who have installed this patch on
    Windows NT 4.0 Workstation Service Pack 6a if a problem results from
    installation of the patch.

    Windows NT 4.0 Workstation has reached its end of life as previously
    documented and Microsoft is not normally providing generally available
    patches. However, due to the nature of this vulnerability, the fact
    that the end-of-life occurred very recently, and the number of Windows
    NT 4.0 Workstations currently in active use, Microsoft has decided to
    make an exception for this vulnerability.
    We do not anticipate doing this for future vulnerabilities, but reserve
    the right to produce and make available patches when necessary. It
    should be a priority for customers with existing Windows NT 4.0
    Workstations to migrate those to supported platforms to prevent
    exposure to future vulnerabilities.

    Are You "Certifiable"? Summer's Hottest Certification Just Got HOTTER!
    With a growth rate exceeding 110%, the TICSA security practitioner
    certification is one of the hottest IT credentials available.  And now, for
    a limited time, you can save 33% off of the TICSA certification exam! To
    learn more about the TICSA certification, and to register as a TICSA
    candidate online, just go to

  • Next message: Russ: "Patch Solutions - survey"