Here is a posting from SANS that deals with the problem of Windows NT.
A number of readers have asked about NT 4.0 recently with regards to vulnerability advisories or exploits. I have found that one of the best ways to protect legacy applications and operating systems is to isolate them. Ideally only those clients/users that absolutely must access these systems should be able to. This can be accomplished at the switch, router, firewall, proxy, or at the end point. The painful part of the process is establishing who must access what, and then which protocols are actually needed. Then figure out where you can best form an ‘enclave’ or internal perimeter with access control. This isn’t ideal, but can shield these systems from a worm or unauthorized access. You also need to determine the value of the data/service that these systems have. If they are performing a valuable service, or hold critical data you really should be protecting them. The unfortunate truth is that NT 4.0 is dead, and really should not be used.
Sadly, more companies use this than really should. Companies should stop using this OS, full stop. I’m in a shop that still has a couple of these lingering. And wow, is it ever frustrating trying to pull that from the white knuckled grip of developers that don’t want to/or know how to upgrade their applications.
[tags]NT 4.0, Old Operating Systems, OS Security[/tags]