Support for NT4 by Microsoft officially ended on 31/12/04. In January 2005, however they have released 2 new critical patches for NT4 Server Users.

Internet Explorer 6.0 Service Pack 1 is the target of the first one. Any of the supported platforms (NT4, Windows 2000 (SP3 and SP4), Windows XP (SP1 and SP2), Windows 2003, and Windows 98/ME.

The vulnerability relates to the Active X HTML component in IE. An attacker could create a malicious web page that could potentially allow remote code execution if a visiter visited that page."

The second concerns a bug in the cursor and icon format handling. Again this could allow remote code execution.

In both instances, the remote code aspect might allow an attacker to effectively take control.

Microsoft stated that it did not anticipate any more patches for NT4 vulnerabilities. "We reserve the right to produce updates and to make these updates available when necessary."

The ideal method, according to Microsoft is to upgrade to a later version of Windows.

Related Articles
SANS Warns On Trojans
Microsoft Upgrades
Be Wary of Windows XP SP2