Windows NT 4.0 Logo

Windows NT 4.0 Workstation was released in 1996 providing an unprecedented level of security and corporate networking services. To this day the Windows NT 4.0 family remains a productive and viable operating system, a credit to those who wrote it. Unfortunately in June 2003 the life cycle of Windows NT 4.0 Workstation came to an end, to be followed a year later with the retirement of the Server and Terminal Server versions. Workstation, like all NT versions shares the same core code with its larger server family members, allowing for easier QFE (Quick Fix Engineering) updates. Although NT 4.0 is now retired, meaning updates and supported software will hence forth fade out. The patching process is still fairly easy. At this time still allowing you to secure your system against the vast majority of modern issues.

It is important to remember if using Windows NT 4.0 Workstation that it is no longer a supported Operating System. Currently most software required to provide additional security will function. If your system can support it we recommend looking to upgrade to a newer operating system. Especially if you are hosting a IIS based web server from you installation.
We recommend that you ensure that you have adequate Firewall and Anti-Virus applications installed on your system and that they are current. Minimising any network shares that you setup on the computer should also be considered. If you are using your install to serve information to the Internet, such as using Personal Web Server or Internet Information Server to host a web site. Ensure that you are using IIS / PWS 4.0 and have all the latest security updates as well as running IIS Lockdown.

As of April 13th 2005 through installation testing HPC:Factor has concluded that Microsoft no longer plan to issue security updates for NT 4.0, and have taken active steps to prevent consumer users from installing Internet Explorer 6.0 SP1 updates onto NT 4.0 SP6a.

Aside from the exception of an unlikely core vulnerability update, we do not expect to see any further QFE's for NT4 Workstation and as from Midnight April 14th 2005 this guide will be deemed Final Revision.
HPC:Factor will continue to monitor for the release of emergency consumer updates, and alert users as applicable.

~ HPC:Factor CESD Team

 

If you can start with a fresh install of Windows NT 4.0 we recommend that you do the following:

  1. Perform a fully custom installation
  2. Only select the optional components that YOU need
  3. Do not install Dial-up networking (RAS) if you do not need dial-up (RAs will be required for hosting CE 1.0 synchronisation)
  4. Do not install LAN components unless you need it
  5. When installing a LAN, make sure not to install unneeded components and protocols.
  6. If you install any software pre 1999, modify any Windows components that require the Windows NT 4.0 CD, reapply Service Pack 6a

 

Recommended Installation Procedure

Before installing any operating system it is important to have all of the pieces of information and software that you will need in order to successfully get up and running.
The main information that you will require are:

  1. Product Installation Key
  2. Network information (If Applicable)
  3. Make and Model of your system hardware
  4. System Drivers, (notably Display, Modem and Network)

Drivers will have come with your PC, its hardware or both. It is important to note however that these drivers may not be current versions. Having updated drivers can provide significant performance benefits for your PC. We recommend that you crate a list of all the manufacturers of your system hardware and then check their web sites for current drivers.

NB: If you are installing a Network Interface Card in your PC, ensure that you have its drivers on a floppy disk.

  1. Turn off your computer and insert Setup Disk 1 into your floppy drive
  2. If your hard drive partition is larger than 8GB or you are installing to a partition higher than 8GB see Q197667
  3. Turn on your computer and follow the Text Mode on-screen instructions
  4. When Graphical mode begins enter your Name, Company information and product key when prompted
  5. When prompted to chose an installation type select Custom
  6. Go through each of the Installation Options and choose the components that you need, click Details to see more on each category
  7. On the Network Installation Screen, if you need a Network Card and it wasn't automatically detected add it using the drivers on the floppy disk.
  8. Ensure that you only install the protocols that you need. Most LAN's require TCP/IP and not NetBEUI or IPX/SPX
  9. Accept the default Network Services
  10. Complete the installation, providing additional drivers and information if required
  11. Once on the Windows NT 4.0 Desktop, install the rest of your Hardware drivers
  12. Install the Service Packs and SRP's section from the Patches and Updates Guide below
  13. Install Microsoft Internet Explorer 6.0 SP1 and the Desktop Shell Update+*^
  14. Follow through the rest of the Windows NT4 Patches & Updates Guide (Below), installing the updates, fixes and add-ons listed
  15. Install your preferred web browser if you wish to use an additional one, ensuring you have the latest version
  16. Visit Windows Update to check for anything additional that you are missing on your system configuration

* Although you may not actively use Microsoft Internet Explorer, installing it updates system components and security. Many other applications that you will need in order to Synchronise with your Handheld PC will require Internet Explorer. It is best to do it now

+ The Desktop Shell Update is not available in Internet Explorer 6. Installing Internet Explorer 4.01 SP2 will install the Shell update, then install IE 6.0 SP1 afterwards. HPC Factor offers both IE 5.5 SP2 with Active Desktop and IE 6.0 SP1 as a download here

^ Internet Explorer 4.01 SP2 is no longer available for download from Microsoft.com

 

Windows NT 4.0 Patches & Updates Guide

The following list of updates will provide you with the highest level of security available to Windows NT 4.0. The Approximate total download size of all the listed updates is 89.43MB

NB: This guide does not cover Internet Information Server (IIS) or Personal Web Server (PWS) updates, it also does not fully cover Windows NT 4.0 Server, Enterprise Server or Terminal Server Edition

Want to download all of these updates from us? If you would like to make a donation to help towards our running costs, we will provide you with a download link to the files. Find out more.

Prerequisites

This guide assumes a certain level of system components have already been updated. These are the prerequisites for the installation:

 

Critical Updates:

Q293818 Erroneous VeriSign-Issued Digital Certificates Hazard
Q304158 HyperTerminal Buffer Patch
Q305399 Malformed Request can Cause RPC Service to Fail
Q305929 Certificates Invalid Digital Signature Error
Q314147 SNMP Vulnerability
Q311967 Unchecked buffer in the Multiple UNC Provider
Q313829 Unchecked Buffer in Windows Shell Could Lead to Code Execution
Q318138 Unchecked Buffer in RAs Phonebook Allows Code to Run
Q320206 Authentication Flaw in Windows Debugger Patch
Q320805 Jet 4.0 replication files
Q323172 Flaw in Certificate Enrollment Control
Q323255
Unchecked Buffer in Windows Help Facility Code Execution
Q326830 Unchecked Buffer in Network Share Provider DoS Issue
Q328310 WM_TIMER Message Handling Could Enable Privilege Elevation
Q329115 Certificate Validation Flaw Could Enable Identity Spoofing
Q810833 Unchecked Buffer in Locator Service Might Permit Code to Run
Q811493 Buffer Overrun in Windows Kernel Message Handling Could Lead to Elevated Privileges
Q811630 HTML Help Update to Limit Functionality When It Is Invoked in IE
Q814078 Flaw in Windows Script Engine May Allow Code to Run
Q815021 Unchecked Buffer in Windows Component May Cause Web Server Compromise
Q817606 Buffer Overrun in Windows Could Lead to Data Corruption
Q819696 Unchecked Buffer in DirectX System Compromise
Q823182 Vulnerability in Authenticode Verification Remote Code Execution
Q823559 Buffer Overrun in the HTML Converter Could Allow Code Execution
Q823803 Flaw in Windows Function Might Allow a Denial of Service
Q823980 Buffer Overrun In RPC Interface Could Allow Code Execution
Q824141 Buffer Overrun in the ListBox and ComboBox Control Code Execution
Q824146 Buffer Overrun in RPCSS May Allow Code Execution
Q825119 Buffer Overrun in Windows Help and Support Center
Q828035 Buffer Overrun in Messenger Service Code Execution
Q828741 Cumulative Update for RPC-DCOM
Q832483 Buffer overrun in an MDAC code execution
Q837001 Vulnerability in Jet Database Engine code execution
Q839645 Vulnerability in Windows Shell remote code execution
Q840315 Vulnerability in HTML Help code execution
Q841872 Vulnerability in POSIX code execution
Q841873 Vulnerability in Task Scheduler Code Execution
Q917344 JScript Remote Code Execution

Unofficially Supported: (Use with caution)

Q892211 Update for Web Folders
Q911562 MDAC function could allow code execution (Use Windows Millennium installer)
Q917344 JScript Remote Code Execution (Use Windows 2000 installer)

Recommended Updates:

2 to 4 digit Date Converter
Agent 2.0
Microsoft Jet 4.0 SP8
Microsoft Management Console 1.2
Q162500 Microsoft Paint Update NT 4.0
Q816093 Microsoft Java Virtual Machine 5.00.3810
Q823492 Error Message When You Use Named Pipes
Root Certificates Update
Windows Installer 2.0
MSXML 2.6 SP3
MSXML 4.0 SP3


Internet Explorer QFE's:

Q831167 Wininet retries POST requests with a blank header
Q833989 Buffer Overrun in JPEG Processing
Q837009 Cumulative Patch for Outlook Express April 2004
Q870669 Disable ADODB.Stream object from Internet Explorer
Q889293 Cumulative Patch December 1 2004

Q887797 Cumulative Update for OLE

Windows Media Player QFE's:

Q272386 Disable Windows Media Player Upgrade Prompt
Q320920 Windows Media Player Rollup Available


Additional Installation Items: