Windows Server

Windows NT 4.0 SRP Info


Post-Windows NT 4.0 Service Pack 6a Security Rollup Package (SRP)

Microsoft has released a Security Rollup Package (SRP) for Windows NT 4.0 that includes the functionality from all security patches released for Windows NT 4.0 since the release of Windows NT 4.0 Service Pack 6a (SP6a) . This small, comprehensive rollup of post-SP6a fixes provides an easier mechanism for managing the rollout of security fixes. Please refer to Microsoft Knowledge Base article 299444 for more information about this rollup package.

Download SRP for NT 4.0 (13.9mb, released July 26, 2001)

What is included in the SRP?

The following Microsoft Security Bulletins are included in the SRP:

Sponsored Content

Passwords Haven’t Disappeared Yet

123456. Qwerty. Iloveyou. No, these are not exercises for people who are brand new to typing. Shockingly, they are among the most common passwords that end users choose in 2021. Research has found that the average business user must manually type out, or copy/paste, the credentials to 154 websites per month. We repeatedly got one question that surprised us: “Why would I ever trust a third party with control of my network?

Core OS

Internet Information Server 4.0

Index Server

Front Page Server Extensions

What SRP does NOT include

The fixes for the following vulnerabilities affecting Windows NT 4.0 systems are not included in the SRP. Administrators should read the associated security bulletin to determine if these patches should be applied:

Core OS

  • MS01-022 (296441) – WebDAV Service Provider Can Allow Scripts to Levy Requests as User
  • MS00-079 – Hyperterminal issue (this patch was re-released after the NT4 SRP)

Front Page Server Extensions

  • MS01-035 (300477) – FrontPage Server Extension Sub-Component Contains Unchecked Buffer

Java Virtual Machine

  • MS00-081 (277014) – New Variant of VM File Reading Vulnerability Which includes patches for:
    • MS99-031 : Virtual Machine Sandbox Vulnerability
    • MS99-045 : Virtual Machine Verifier Vulnerability
    • MS00-011 : VM File Reading Vulnerability
    • MS00-059 : Java VM Applet Vulnerability

The following fixes are not included in the SRP because they require administrative action rather than a software change. Administrators should ensure that in addition to applying this patch, they also have taken the administrative action discussed in the following bulletins:

Core OS