A recently announced security problem in Windows will not be fixed for users of Windows NT.
Microsoft has issued a security warning for Windows NT 4.0, Windows 2000 and Windows XP systems. Bulletin MS03-010, dated 26 March 2002, states that this vulnerability could be used by “an attacker … [to] cause the target machine to fail.”
Microsoft does not plan to provide a fix for it on Windows NT 4.0, which is still being used by various departments at UCI. Microsoft says that they have, “extensively investigated an engineering solution for NT 4.0 and found that the Windows NT 4.0 architecture will not support a fix to this issue, now or in the future.”
So, what’s an NT user to do? Microsoft itself recommends placing such systems behind a “firewall which is filtering traffic on Port 135.” Fortunately, NACS has been running a port blockade on this port since November 5, 2002 (more information on the port blockades). This blockade restricts all off-campus systems and Residential Housing computers sending traffic to these ports on campus.
While this keeps UCI users of Windows NT safe from outside attempts to exploit this weakness, it is prudent for departments to develop a migration strategy away from NT, as Microsoft no longer supports NT nor promises to develop security patches as vulnerabilities are discovered.