Windows NT 4.0 Workstation was released in 1996 providing
an unprecedented level of security and corporate networking services.
To this day the Windows NT 4.0 family remains a productive
and viable operating system, a credit to those who wrote it. Unfortunately
in June 2003 the life cycle of Windows NT 4.0 Workstation
came to an end, to be followed a year later with the retirement
of the Server and Terminal Server versions. Workstation, like all
NT versions shares the same core code with its larger server family
members, allowing for easier QFE (Quick Fix Engineering)
updates. Although NT 4.0 is now retired, meaning updates
and supported software will hence forth fade out. The patching process
is still fairly easy. At this time still allowing you to secure
your system against the vast majority of modern issues.
It is important to remember if using Windows NT 4.0 Workstation
that it is no longer a supported Operating System. Currently most
software required to provide additional security will function.
If your system can support it we recommend looking to upgrade to
a newer operating system. Especially if you are hosting a IIS based
web server from you installation.
We recommend that you ensure that you have adequate Firewall
and Anti-Virus applications installed on your system and
that they are current. Minimising any network shares that you setup
on the computer should also be considered. If you are using your
install to serve information to the Internet, such as using Personal
Web Server or Internet Information Server to host a web
site. Ensure that you are using IIS / PWS 4.0 and have all the latest
security updates as well as running IIS
Lockdown.
As of April 13th 2005 through installation
testing HPC:Factor has concluded that Microsoft no longer plan to issue security
updates for NT 4.0, and have taken active steps to prevent consumer users from
installing Internet Explorer 6.0 SP1 updates onto NT 4.0 SP6a.
Aside from the exception of an unlikely core vulnerability update, we do not
expect to see any further QFE's for NT4 Workstation and as from Midnight April
14th 2005 this guide will be deemed Final Revision.
HPC:Factor will continue to monitor for the release of emergency consumer updates,
and alert users as applicable.
~ HPC:Factor CESD Team
If you can start with a fresh install of Windows NT 4.0
we recommend that you do the following:
- Perform a fully custom installation
- Only select the optional components that YOU need
- Do not install Dial-up networking (RAS) if you do not need dial-up
(RAs will be required for hosting CE 1.0 synchronisation)
- Do not install LAN components unless you need it
- When installing a LAN, make sure not to install unneeded components
and protocols.
- If you install any software pre 1999, modify any Windows components
that require the Windows NT 4.0 CD, reapply Service Pack 6a
Recommended Installation Procedure
Before installing any operating system it is important to have
all of the pieces of information and software that you will need
in order to successfully get up and running.
The main information that you will require are:
- Product Installation Key
- Network information (If Applicable)
- Make and Model of your system hardware
- System Drivers, (notably Display, Modem and Network)
Drivers will have come with your PC, its hardware
or both. It is important to note however that these drivers may
not be current versions. Having updated drivers can provide
significant performance benefits for your PC. We recommend
that you crate a list of all the manufacturers of your system hardware
and then check their web sites for current drivers.
NB: If you are installing a Network Interface
Card in your PC, ensure that you have its drivers on a floppy disk.
- Turn off your computer and insert Setup Disk 1 into your floppy
drive
- If your hard drive partition is larger than 8GB or you are installing
to a partition higher than 8GB see Q197667
- Turn on your computer and follow the Text Mode on-screen instructions
- When Graphical mode begins enter your Name, Company information
and product key when prompted
- When prompted to chose an installation type select Custom
- Go through each of the Installation Options and choose the components
that you need, click Details to see more on each category
- On the Network Installation Screen, if you need a Network Card
and it wasn't automatically detected add it using the drivers
on the floppy disk.
- Ensure that you only install the protocols that you need.
Most LAN's require TCP/IP and not NetBEUI or IPX/SPX
- Accept the default Network Services
- Complete the installation, providing additional drivers and
information if required
- Once on the Windows NT 4.0 Desktop, install the rest of your
Hardware drivers
- Install the Service Packs and SRP's section from the Patches
and Updates Guide below
- Install Microsoft Internet Explorer 6.0 SP1 and the Desktop
Shell Update+*^
- Follow through the rest of the Windows
NT4 Patches & Updates Guide (Below), installing
the updates, fixes and add-ons listed
- Install your preferred web browser if you wish to use an additional
one, ensuring you have the latest version
- Visit Windows
Update to check for anything additional that you are missing
on your system configuration
* Although you may not actively use Microsoft Internet Explorer, installing
it updates system components and security. Many other applications that
you will need in order to Synchronise with your Handheld PC will require
Internet Explorer. It is best to do it now
+ The Desktop Shell Update is not available in Internet Explorer 6. Installing
Internet Explorer 4.01 SP2 will install the Shell update, then install
IE 6.0 SP1 afterwards. HPC Factor offers both IE 5.5 SP2 with Active Desktop
and IE 6.0 SP1 as a download here
^ Internet Explorer 4.01 SP2 is no longer available for download from
Microsoft.com
Windows NT 4.0 Patches & Updates Guide
The following list of updates will provide you with the highest
level of security available to Windows NT 4.0. The Approximate total
download size of all the listed updates is 89.43MB
NB: This guide does not cover Internet Information Server (IIS) or Personal Web Server (PWS) updates, it also does not fully cover Windows NT 4.0 Server, Enterprise Server or Terminal Server Edition
Want to download all of these updates from us? If you would like to make a donation to help towards our running costs, we will provide you with a download link to the files.
Find out more.
Prerequisites
This guide assumes a certain level of system components have already been updated.
These are the prerequisites for the installation:
Critical Updates:
Q293818
Erroneous VeriSign-Issued Digital Certificates Hazard
Q304158
HyperTerminal Buffer Patch
Q305399
Malformed Request can Cause RPC Service to Fail
Q305929
Certificates Invalid Digital Signature Error
Q314147
SNMP Vulnerability
Q311967
Unchecked buffer in the Multiple UNC Provider
Q313829
Unchecked Buffer in Windows Shell Could Lead to Code Execution
Q318138
Unchecked Buffer in RAs Phonebook Allows Code to Run
Q320206
Authentication Flaw in Windows Debugger Patch
Q320805 Jet 4.0 replication files
Q323172
Flaw in Certificate Enrollment Control
Q323255 Unchecked Buffer in Windows Help Facility Code Execution
Q326830
Unchecked Buffer in Network Share Provider DoS Issue
Q328310
WM_TIMER Message Handling Could Enable Privilege Elevation
Q329115
Certificate Validation Flaw Could Enable Identity Spoofing
Q810833
Unchecked Buffer in Locator Service Might Permit Code to Run
Q811493
Buffer Overrun in Windows Kernel Message Handling Could Lead to
Elevated Privileges
Q811630
HTML Help Update to Limit Functionality When It Is Invoked in IE
Q814078
Flaw in Windows Script Engine May Allow Code to Run
Q815021
Unchecked Buffer in Windows Component May Cause Web Server Compromise
Q817606
Buffer Overrun in Windows Could Lead to Data Corruption
Q819696
Unchecked Buffer in DirectX System Compromise
Q823182
Vulnerability in Authenticode Verification Remote Code Execution
Q823559
Buffer Overrun in the HTML Converter Could Allow Code Execution
Q823803
Flaw in Windows Function Might Allow a Denial of Service
Q823980
Buffer Overrun In RPC Interface Could Allow Code Execution
Q824141
Buffer Overrun in the ListBox and ComboBox Control Code Execution
Q824146
Buffer Overrun in RPCSS May Allow Code Execution
Q825119
Buffer Overrun in Windows Help and Support Center
Q828035
Buffer Overrun in Messenger Service Code Execution
Q828741
Cumulative Update for RPC-DCOM
Q832483
Buffer overrun in an MDAC code execution
Q837001
Vulnerability in Jet Database Engine code execution
Q839645
Vulnerability in Windows Shell remote code execution
Q840315
Vulnerability in HTML Help code execution
Q841872
Vulnerability in POSIX code execution
Q841873
Vulnerability in Task Scheduler Code Execution
Q917344 JScript Remote Code Execution
Unofficially Supported: (Use with caution)
Q892211 Update for Web Folders
Q911562 MDAC function could allow code execution (Use Windows Millennium installer)
Q917344 JScript Remote Code Execution (Use Windows 2000 installer)
Recommended Updates:
2
to 4 digit Date Converter
Agent 2.0
Microsoft Jet
4.0 SP8
Microsoft
Management Console 1.2
Q162500 Microsoft Paint Update NT 4.0
Q816093 Microsoft Java Virtual
Machine 5.00.3810
Q823492 Error Message When You Use Named Pipes
Root Certificates
Update
Windows
Installer 2.0
MSXML 2.6 SP3
MSXML 4.0 SP3
Internet Explorer QFE's:
Q831167
Wininet retries POST requests with a blank header
Q833989
Buffer Overrun in JPEG Processing
Q837009
Cumulative Patch for Outlook Express April 2004
Q870669
Disable ADODB.Stream object from Internet Explorer
Q889293
Cumulative Patch December 1 2004
Q887797
Cumulative Update for OLE
Windows Media Player QFE's:
Q272386
Disable Windows Media Player Upgrade Prompt
Q320920
Windows Media Player Rollup Available
Additional Installation Items:
