Web www.software-risk.co.uk

Support for NT4 by Microsoft officially ended on 31/12/04. In January 2005, however they have released 2 new critical patches for NT4 Server Users.

Internet Explorer 6.0 Service Pack 1 is the target of the first one. Any of the supported platforms (NT4, Windows 2000 (SP3 and SP4), Windows XP (SP1 and SP2), Windows 2003, and Windows 98/ME.

The vulnerability relates to the Active X HTML component in IE. An attacker could create a malicious web page that could potentially allow remote code execution if a visiter visited that page."

The second concerns a bug in the cursor and icon format handling. Again this could allow remote code execution.

In both instances, the remote code aspect might allow an attacker to effectively take control.

Microsoft stated that it did not anticipate any more patches for NT4 vulnerabilities. "We reserve the right to produce updates and to make these updates available when necessary."

The ideal method, according to Microsoft is to upgrade to a later version of Windows.

Related Articles
Longhorn Now Vista and in 2006
IE
iTunes Video Software Released
Java Enterprise System Boosted With ID Management
Windows 2003 SP1 Server Problems
Windows XP SP2 Block Off
DNS Poisoning Abounds
SANS Warns On Trojans

Similar Areas

Windows Items

Web Items

Networks Items

Security Items

Risk Management Items

Selected Books

Keywords

Microsoft support

NT4 support

NT4 Servers

IE

IE 6.0

Windows 2000

Windows XP

Windows 2003

Windows 98

Windows ME

IE security

ActiveX