Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customise your settings, hit “Customise Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences

Necessary. Always active Read more

These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.
Tailored Advertising. Read more

These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.
Analytics. Read more

These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

Customise Settings

UK government marks 'at least' £115m for new Brexit systems against backdrop of chequered IT project history in customs and border control

HPE shifts further out onto the edge, plans to weld $925m Silver Peak buy to Aruba Networks

UK's University of Manchester has its head in all the clouds as it rains £50m on integrators

GitHub is just like all of us: The week has just started but it needed 4 whole hours of downtime

When you see PWA, Microsoft and Google want you to think Programs With Attitude: Web app release tool tweaked

Pretend your holiday wasn't cancelled from next month: Microsoft Flight Simulator cleared for take-off

Rust code in Linux kernel looks more likely as language team lead promises support

Microsoft Visual Studio gets .NET Core debugging – on WSL2

Sueball locked, loaded and pointed at LinkedIn over iOS privacy naughtiness

Better get Grandpa off Windows 7 because zero-day bug in Zoom allows remote code execution on vintage OS

Trump reveals US cyber-attack on Russian election-misdirection troll farms

How to make your IT security go beyond your network – and make people your perimeter

Continuous Lifecycle Online is this Wednesday: Get your ticket while you can, and tune into these fantastic sessions

Rancher rides off into the SUSE-set after acquisition by Linux outfit

Microsoft integrates Azure Functions with Dapr – for when you run Azure Functions outside Azure. Confused yet?

Languishing lodash library loophole finally fitted for a fix: It's only taken since October to address security bug

Mixed signals? Yes and no: Analog Devices snaps up rival Maxim Integrated for $20.9bn

Reporting live from Gartner pandemic watch: IT spending is shrinking by X this year, I mean Y

Software biz Advanced set to lay off 6% of its workforce, blames that virus

South Korea joins the ‘we’re going to be self-sufficient in more tech and then export bucketloads’ club

Apple: Don't close MacBooks with a webcam cover on, you might damage the display

Oh what a cute little animation... OH MY GOD. (Not acceptable, even in the '80s)

Soft press keys for locked-down devs: Three new models of old school 60-key Happy Hacking 'board out next month

Pandemic proves just the tonic for PC sales as shipments shoot upwards

Geek's Guide

The world's nonsense keeping you awake in middle of the night? Good news. Go outside and see this two-tail comet

Spotted the ISS in the sky yet? How about pulling out some spare kit and giving it a listen?

If the Solar System's 'Planet Nine' is actually a small black hole, here's how we could detect it... wait, what?

Mars InSight to stretch its arm and look around as mole-mashing ops are paused

Detroit Police make second wrongful facial-recog arrest when another man is misidentified by software

Microsoft says ciao to Xiaoice: Formerly unpatriotic Chinese teenager sim flies the nest

We've paused Sigfox roof aerial payments, says WND-UK, but we'll make you whole after COVID

Privacy watchdogs from the UK, Australia team up, snap on gloves to probe AI-for-cops upstart Clearview

Verity Stob

All in all it's just another bork on the wall: For pity's sake, begs signage, climb onto the pub's roof and boot me up

Hungry? Please enjoy this delicious NaN, courtesy of British Gas and Sainsbury's

Cereal Killer Cafe enters hipster heaven, heads online: Coronavirus blamed for shutters being pulled down

Boolean bafflement at British Airways' Executive Club: Sneaky little Avioses - Wicked, Tricksy, False!

Security

NT4.0 too flawed to fix – official

Insecure by design

Thu 27 Mar 2003 // 17:48 UTC Got Tips?

John Leyden Bio Email Twitter

There's a nasty rider with Microsoft's latest security problem for NT users.

Although a denial of service risk exists in an "important" security vulnerability, publicised yesterday affecting NT 4.0, Redmond tells users not to expect a patch for that operating system anytime soon.

Windows 2000 and XP users do have access to a fix, designed to address a flaw involving Endpoint Mapper, but the best on offer for Win NT users is advice to shelter vulnerable servers behind a firewall.

The vulnerability involves the Microsoft's implementation of Remote Procedure Call protocol, more specifically the component that deals with message exchange over TCP/IP. Malformed messages received by the Endpoint Mapper process, which listens on TCP/IP port 135, might cause a server to hang.

Microsoft has provided patches with this bulletin to correct this vulnerability for Windows 2000 and Windows XP, but not Windows NT 4.0 - even though the OS is affected.

In a surprisingly candid admission, the company states that fixing NT4.0 is simply too difficult.

"The architectural limitations of Windows NT 4.0 do not support the changes that would be required to remove this vulnerability," Microsoft says. "Windows NT 4.0 users are strongly encouraged to employ the workaround discussed in the FAQ in the bulletin, which is to protect the NT 4.0 system with a firewall that blocks Port 135."

Firewalling will probably keep external attackers at bay but the flaw gives attackers with intranet access considerable scope to crash, though not (it would seem root), inherently vulnerable NT4 boxes. ®

External Links

Microsoft's Security Bulletin

ABOUT US

SITUATION PUBLISHING

The Register - Independent news and views for the tech community. Part of Situation Publishing

SIGN UP TO OUR NEWSLETTERS

Join our daily or weekly newsletters, subscribe to a specific section or set News alerts

Subscribe

Your Consent Options Cookies Privacy Ts&Cs

Review and manage your consent

Manage Cookie Preferences

UK government marks 'at least' £115m for new Brexit systems against backdrop of chequered IT project history in customs and border control

HPE shifts further out onto the edge, plans to weld $925m Silver Peak buy to Aruba Networks

UK's University of Manchester has its head in all the clouds as it rains £50m on integrators

GitHub is just like all of us: The week has just started but it needed 4 whole hours of downtime

When you see PWA, Microsoft and Google want you to think Programs With Attitude: Web app release tool tweaked

Pretend your holiday wasn't cancelled from next month: Microsoft Flight Simulator cleared for take-off

Rust code in Linux kernel looks more likely as language team lead promises support

Microsoft Visual Studio gets .NET Core debugging – on WSL2

Sueball locked, loaded and pointed at LinkedIn over iOS privacy naughtiness

Better get Grandpa off Windows 7 because zero-day bug in Zoom allows remote code execution on vintage OS

Trump reveals US cyber-attack on Russian election-misdirection troll farms

How to make your IT security go beyond your network – and make people your perimeter

Continuous Lifecycle Online is this Wednesday: Get your ticket while you can, and tune into these fantastic sessions

Rancher rides off into the SUSE-set after acquisition by Linux outfit

Microsoft integrates Azure Functions with Dapr – for when you run Azure Functions outside Azure. Confused yet?

Languishing lodash library loophole finally fitted for a fix: It's only taken since October to address security bug

Mixed signals? Yes and no: Analog Devices snaps up rival Maxim Integrated for $20.9bn

Reporting live from Gartner pandemic watch: IT spending is shrinking by X this year, I mean Y

Software biz Advanced set to lay off 6% of its workforce, blames that virus

South Korea joins the ‘we’re going to be self-sufficient in more tech and then export bucketloads’ club

Apple: Don't close MacBooks with a webcam cover on, you might damage the display

Oh what a cute little animation... OH MY GOD. (Not acceptable, even in the '80s)

Soft press keys for locked-down devs: Three new models of old school 60-key Happy Hacking 'board out next month

Pandemic proves just the tonic for PC sales as shipments shoot upwards

The world's nonsense keeping you awake in middle of the night? Good news. Go outside and see this two-tail comet

Spotted the ISS in the sky yet? How about pulling out some spare kit and giving it a listen?

If the Solar System's 'Planet Nine' is actually a small black hole, here's how we could detect it... wait, what?

Mars InSight to stretch its arm and look around as mole-mashing ops are paused

Detroit Police make second wrongful facial-recog arrest when another man is misidentified by software

Microsoft says ciao to Xiaoice: Formerly unpatriotic Chinese teenager sim flies the nest

We've paused Sigfox roof aerial payments, says WND-UK, but we'll make you whole after COVID

Privacy watchdogs from the UK, Australia team up, snap on gloves to probe AI-for-cops upstart Clearview

All in all it's just another bork on the wall: For pity's sake, begs signage, climb onto the pub's roof and boot me up

Hungry? Please enjoy this delicious NaN, courtesy of British Gas and Sainsbury's

Cereal Killer Cafe enters hipster heaven, heads online: Coronavirus blamed for shutters being pulled down

Boolean bafflement at British Airways' Executive Club: Sneaky little Avioses - Wicked, Tricksy, False!

Security

NT4.0 too flawed to fix – official

Insecure by design

External Links

Related Stories

Most Read

IBM job ad calls for 12 years’ experience with Kubernetes – which is six years old

Linus Torvalds banishes masters, slaves and blacklists from the Linux kernel, starting now

Oh what a cute little animation... OH MY GOD. (Not acceptable, even in the '80s)

Trump reveals US cyber-attack on Russian election-misdirection troll farms

How to make your IT security go beyond your network – and make people your perimeter

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Tech Resources

The Total Economic Impact of GitHub Enterprise

Pure Storage's Evergreen Storage Continues to Be the All-Flash Array Market's Customer Experience Program to Beat

Phishing Campaign Targets Multiple U.S., International Government Procurement Services

Supporting the Switch

ABOUT US

MORE CONTENT

SITUATION PUBLISHING

SIGN UP TO OUR NEWSLETTERS