Windows NT 4.0 SRP Info

Last Update: Dec 03, 2024 | Published: Jan 07, 2009

SHARE ARTICLE

 

Post-Windows NT 4.0 Service Pack 6a Security Rollup Package (SRP)

Microsoft has released a Security Rollup Package (SRP) for Windows NT 4.0 that includes the functionality from all security patches released for Windows NT 4.0 since the release of Windows NT 4.0 Service Pack 6a (SP6a) . This small, comprehensive rollup of post-SP6a fixes provides an easier mechanism for managing the rollout of security fixes. Please refer to Microsoft Knowledge Base article 299444 for more information about this rollup package.
Download SRP for NT 4.0 (13.9mb, released July 26, 2001)link out ico

What is included in the SRP?

The following Microsoft Security Bulletins are included in the SRP:
Core OS

  • MS99-046 (243835) – Improve TCP Initial Sequence Number Randomness link out ico
  • MS99-047 (243649) – Malformed Spooler Request Vulnerability link out ico
  • MS99-055 (246045) – Malformed Resource Enumeration Argument Vulnerability link out ico
  • MS99-056 (248183) – Syskey Keystream Reuse Vulnerability link out ico
  • MS99-057 (248185) – Malformed Security Identifier Request Vulnerability link out ico
  • MS00-003 (247869) – Spoofed LPC Port Request Vulnerability link out ico
  • MS00-004 (249108) – RDISK Registry Enumeration File Vulnerability link out ico
  • MS00-005 (249973) – Malformed RTF Control Word Vulnerability link out ico
  • MS00-007 (248399) – Recycle Bin Creation Vulnerability link out ico
  • MS00-008 (250625) – Registry Permissions Vulnerability link out ico
  • MS00-021 (257870) – Malformed TCP/IP Print Request Vulnerability link out ico
  • MS00-024 (259496) – OffloadModExpo Registry Permissions Vulnerability link out ico
  • MS00-027 (259622) – Malformed Environment Variable Vulnerability link out ico
  • MS00-029 (259728) – IP Fragment Reassembly Vulnerability link out ico
  • MS00-036 (262694) – ResetBrowser Frame and Host Announcement Frame Vulnerabilities link out ico
  • MS00-040 (264684) – Remote Registry Access Authentication Vulnerability link out ico
  • MS00-047 (269239) – NetBIOS Name Server Protocol Spoofing Vulnerability link out ico
  • MS00-052 (269049) – Relative Shell Path Vulnerability link out ico
  • MS00-070 (266433) – Multiple LPC and LPC Ports Vulnerabilities link out ico
  • MS00-083 (274835) – Netmon Protocol Parsing Vulnerability link out ico
  • MS00-091 (275567) – Incomplete TCP/IP Packet Vulnerability link out ico
  • MS00-094 (276575) – Phone Book Service Buffer Overflow Vulnerability link out ico
  • MS00-095 (265714) – Registry Permissions Vulnerability link out ico
  • MS01-003 (279336) – Weak Permissions on Winsock Mutex Can Allow Service Failure link out ico
  • MS01-008 (280119) – Malformed NTLMSSP Request Can Enable Code to Run with System Privileges link out ico
  • MS01-009 (283001) – Malformed PPTP Packet Stream Can Cause Kernel Exhaustion link out ico
  • MS01-017 (293818) – Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard link out ico
  • MS01-041 (298012) – Malformed RPC Request Can Cause Service Failurelink out ico

Internet Information Server 4.0

  • MS99-003 (188348) – IIS Malformed FTP List Request Vulnerability link out ico
  • MS99-019 (234905) – Malformed HTR Request Vulnerability link out ico
  • MS99-022 (233335) – Double Byte Code Page Vulnerability link out ico
  • MS99-029 (238349) – Unauthorized Access to IIS Servers through ODBC Data Access with RDS link out ico
  • MS99-039 (241805) – Domain Resolution and FTP Download Vulnerabilities link out ico
  • MS99-053 (244613) – Windows Multithreaded SSL ISAPI Filter Vulnerability link out ico
  • MS99-058 (238606) – Virtual Directory Naming Vulnerability link out ico
  • MS99-061 (246401) – Escape Character Parsing Vulnerability link out ico
  • MS00-018 (252693) – Chunked Encoding Post Vulnerability link out ico
  • MS00-019 (249599) – Virtualized UNC Share Vulnerability link out ico
  • MS00-023 (254142) – Myriad Escaped Characters Vulnerability link out ico
  • MS00-030 (260205) – Malformed Extension Data in URL Vulnerability link out ico
  • MS00-031 (260838) – Undelimited .HTR Request and File Fragment Reading via .HTR Vulnerabilities link out ico
  • MS00-044 (267559) – Absent Directory Browser Argument Vulnerability link out ico
  • MS00-057 (269862) – File Permission Canonicalization Vulnerability link out ico
  • MS00-060 (260347) – IIS Cross-Site Scripting Vulnerabilities link out ico
  • MS00-063 (271652) – Invalid URL Vulnerability link out ico
  • MS00-078 (269862) – Web Server Folder Traversal Vulnerability link out ico
  • MS00-080 (274149) – Session ID Cookie Marking Vulnerability link out ico
  • MS00-086 (277873) – Web Server File Request Parsing Vulnerability link out ico
  • MS01-004 (285985) – Malformed .HTR Request Allows Reading of File Fragments link out ico
  • MS01-026 (295534) – Superfluous Decoding Operation Could Allow Command Execution via IIS link out ico

Index Server

  • MS00-006 (252463) – Malformed Hit-Highlighting Argument Vulnerability link out ico
  • MS01-025 (294472) and (296185) – Index Server Search Function Contains Unchecked Buffer link out ico
  • MS01-033 (300972) – Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise link out ico

Front Page Server Extensions

  • MS00-100 (280322) – Malformed Web Form Submission Vulnerability link out ico

What SRP does NOT include

The fixes for the following vulnerabilities affecting Windows NT 4.0 systems are not included in the SRP. Administrators should read the associated security bulletin to determine if these patches should be applied:
Core OS

  • MS01-022 (296441) – WebDAV Service Provider Can Allow Scripts to Levy Requests as User link out ico
  • MS00-079 – Hyperterminal issue (this patch was re-released after the NT4 SRP) link out ico

Front Page Server Extensions

  • MS01-035 (300477) – FrontPage Server Extension Sub-Component Contains Unchecked Buffer link out ico

Java Virtual Machine

  • MS00-081 (277014) – New Variant of VM File Reading Vulnerability link out icoWhich includes patches for:
    • MS99-031 : Virtual Machine Sandbox Vulnerability link out ico
    • MS99-045 : Virtual Machine Verifier Vulnerability link out ico
    • MS00-011 : VM File Reading Vulnerability link out ico
    • MS00-059 : Java VM Applet Vulnerability link out ico

The following fixes are not included in the SRP because they require administrative action rather than a software change. Administrators should ensure that in addition to applying this patch, they also have taken the administrative action discussed in the following bulletins:
Core OS

  • MS98-001 (169556) – Disabling Creation of Local Groups on a Domain by Non-Administrative Users link out ico
  • MS99-036 (155197) – Windows NT 4.0 Does Not Delete Unattended Installation File link out ico
  • MS99-041 (242294) – RASMAN Security Descriptor Vulnerability link out ico

Internet Information Server

  • MS98-004 (184375) – Unauthorized ODBC Data Access with RDS and IIS link out ico
  • MS99-013 (232449) – File Viewers Vulnerability link out ico
  • MS99-025 (184375) – Unauthorized Access to IIS Servers through ODBC Data Access with RDS link out ico

Front Page Server Extensions

  • MS00-025 (259799) – Link View Server-Side Component Vulnerability link out ico
  • MS00-028 (260267) – Server-Side Image Map Components Vulnerability link out ico

Download SRP1

To get more information about the security rollup and to download the package – 299444link out ico
Note for Hebrew Enabled users: Please make sure you select HEBREW from the drop down list of available languages!

SHARE ARTICLE