Microsoft Windows NT Workstation Home   All Products  |   Support  |   Search  |   microsoft.com Home  
Microsoft
  Windows Home  |   E-newsletter  |
 
Search Microsoft.com for
Advanced Search
Downloads
Home

Downloads

Windows Update  

For Critical Updates released prior to September 1, 2000, please see the Archive section at the bottom of this page.

NOTE: As of January 1, 2004, all Windows NT Workstation downloads will be available through TechNet and the Download Center.

 FEATURED LINKS 
TechNet Security Center
Search the TechNet Security Center for hotfixes and bulletins by product, technology, service pack level, date, or severity, and find what you need to respond to current security issues.
Keep Your Computer Up to Date
Visit the Microsoft Download Center to make sure you have all of the current recommended downloads for your computer. Search by product, category, technology, keyword, or language to find exactly what you're looking for.
 CRITICAL UPDATES 
KB828035: Security Update for Microsoft Windows NT Workstation 4.0
A security issue has been identified that could allow an attacker to remotely compromise a computer running Microsoft Windows NT Workstation 4.0 and gain complete control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.
KB825119: Security Update for Microsoft Windows NT Workstation 4.0
A security issue has been identified that could allow an attacker to remotely compromise a computer running Microsoft Windows XP and gain complete control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.
KB824141: Security Update for Microsoft Windows NT Workstation 4.0
A security issue has been identified that could allow an attacker to compromise a computer running Microsoft Windows and gain control over it. To attempt an attack, the attacker would have to be able to log on to the computer. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.
KB823182: Security Update for Microsoft NT Workstation 4.0
A security issue has been identified that could allow an attacker to remotely compromise a computer running Microsoft Windows and gain complete control over it. For example, an attacker could execute code on your system. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.
Security Update, September 10, 2003
A security issue has been identified that could allow an attacker to remotely compromise a computer running Microsoft® Windows® and gain complete control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.
Security Update, April 2, 2001
This update resolves the "Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard" security vulnerability, and is discussed in Microsoft Security Bulletin MS01-017. Download now to prevent an unauthorized user from running code on your computer by digitally signing programs as "Microsoft Corporation."
Security Update, February 14, 2001
This update resolves the "Malformed PPTP Packet Stream" security vulnerability in Windows NT® 4.0, and is discussed in Microsoft Security Bulletin MS01-009. Download now to prevent a malicious user from causing your server to stop responding or fail.
Security Update, February 7, 2001
This update resolves the "NTLMSSP Privilege Elevation" security vulnerability present in Windows NT® 4.0, and is discussed in Microsoft Security Bulletin MS01-008. Download now to prevent a malicious user from gaining administrative access to your computer.
Security Update, January 31, 2001
This update resolves the "Winsock Mutex" security vulnerability in Windows NT® 4.0, and is discussed in Microsoft Security Bulletin MS01-003. Download now to prevent a malicious user from running a special program to disable your network functionality.
Security Update, December 7, 2000
This update resolves the "Phone Book Service Buffer Overflow" security vulnerability in Windows NT® 4.0. The Phone Book Service that runs on Internet Information Server (IIS) 4.0 has an unchecked buffer (a temporary data storage area) in the code that processes requests for phone book updates. A specifically malformed HTTP request from a malicious user can cause a buffer overflow in the Phone Book Service, which might allow the malicious user to run unauthorized code on the server, or cause the service to fail. Download now to prevent a malicious user from running code to add, change, or delete data on your Web server.
Security Update, December 5, 2000
This update resolves the "Incomplete TCP/IP Packet" security vulnerability in Windows NT® 4.0. If a malicious user sends a large number of specifically malformed data packets to a Windows NT 4.0 computer on a network that uses the NetBIOS over TCP/IP (NBT) protocol, the affected computer temporarily stops responding to all network requests. This occurs because Windows NT 4.0 cannot process these data packets correctly using the NBT protocol. In rare cases, an attack can cause the affected computer to remain unresponsive until it is rebooted. Download now to ensure your Windows NT 4.0 computer is able to process invalid TCP/IP packets correctly.
Security Update, November 9, 2000
This update resolves the "IIS Cross-Site Scripting" security vulnerability in Internet Information Services (IIS) 5.0 and Internet Information Server (IIS) 4.0. This vulnerability could enable a malicious user to run code on another user's computer, disguised as a third-party Web site. If a malicious user exploits this vulnerability successfully, a Web site hosted by your server can be used to run code, forward information, and read or write cookies on the computer of any visiting user. Download now to prevent a malicious user from introducing code on your Web server and returning that code as a Web page (hosted by your server) to visiting browsers.
Security Update, October 27, 2000
This update resolves the "Session ID Cookie Marking" security vulnerability in Internet Information Server (IIS) 4.0 and Internet Information Services (IIS) 5.0. When using .asp files, IIS cannot differentiate between secure and non-secure Session ID cookies (small data files that identify you to a Web site as you move around within that site). This update enables .asp files to mark Session ID cookies as "secure." Download now to prevent a malicious user from connecting to the Web page you are viewing, assuming your identity, and placing orders or viewing your personal information. Note This update has been revised as of November 20, 2000. Microsoft recommends that you install this version of the update.
Security Update, October 7, 2000
This update resolves the "Multiple LPC and LPC Ports" security vulnerability in Windows 2000 and Windows NT® 4.0. Local Procedure Call (LPC) is a message-passing service provided by Windows NT 4.0 and Windows 2000. LPC ports are channels within LPC that allow threads (a series of messages that have been posted as replies to each other) within a communication process to coordinate LPC requests. Windows 2000 and Windows NT 4.0 are unable to handle unexpected LPCs properly. If a malicious user makes process requests in an invalid order, or uses invalid parameters, it could cause your computer to fail or permit a malicious user to impersonate your privileges and eavesdrop. Download now to prevent a malicious user from causing your computer to fail, impersonating your privileges, or causing the client or server to fail by posing as the client or server and sending random data.
Security Update, September 8, 2000
This update resolves the "Invalid URL" security vulnerability in Internet Information Server (IIS). If an invalid URL is sent to a server with this vulnerability, it could, under certain conditions, cause the server to access invalid memory and cause IIS to fail. Download now to prevent a malicious user from disabling requests for Web pages, File Transfer Protocol services, and other services provided by IIS.
Security Update, September 1, 2000
This update resolves the "Internet Information Server Cross-Site Scripting" security vulnerability in Internet Information Server (IIS) 4.0. Download now to prevent a malicious user from introducing code on your Web server, where that code could be returned as a Web page (hosted by your server) to any visiting browser. Ultimately, if a malicious user is successful in exploiting this vulnerability, a Web site hosted by your server can be used to run more code, forward information, and read or write cookies on the computer of any visiting user. Note This update only resolves the vulnerability found in IIS. Microsoft recommends that all customers who are hosting Web sites contact the suppliers of all software programs that are running on their servers, and verify that the vendor has reviewed each software program for CSS vulnerabilities. Static Web pages cannot be exploited by this CSS vulnerability, customers whose Web servers only supply static content do not need to install this update.
 RECOMMENDED UPDATES 
 FEATURED UPDATES 
Internet Explorer
Download the latest version of Internet Explorer to browse, communicate and collaborate on the Web.
Windows NT 4.0 Resource Kit Support Tools
7,220 KB | 60 Min @ 28.8
Help you support, administer, and troubleshoot the Windows NT Server 4.0 and Windows NT Workstation 4.0 platforms.
 SERVICE PACKS 
Windows NT 4.0 Service Pack 6a
The latest update for Microsoft Windows NT Server 4.0 and Windows NT Workstation 4.0, Service Pack 6a (SP6a) provides recommended performance and security enhancements.
Windows NT 4.0 Service Pack 5
Released in May 1999, Service Pack 5 (SP5) provides performance updates for Microsoft Windows NT Server 4.0 and Windows NT Workstation 4.0. Service Pack 6a is the latest update.
Windows Library Update
1,434 KB | 12 Min @ 28.8
This update resolves an issue that can cause some third party software to behave unexpectedly after the installation of the Works Suite 99, Encarta Encyclopedia 99 (US only), Encarta Virtual Globe 99, Studio Greetings 99, and/or other third party software.
Windows NT 4.0 Option Pack
A new set of Web and application services, including IIS 4.0, Transaction Server 2.0, Message Queue Server 1.0, Internet Connection Services for Microsoft RAS, and Personal Web Server.
Windows Service Pack 4
Provides improved management, security, and availability capabilities for Windows NT 4.0 and helps IT professionals prepare their networks for the year 2000 and euro currency changes. All SP4 updates are included in SP5.
 POWER TOYS 
 NETWORKING 
Desktop Menu
3 KB | <1 Min @ 28.8
Open items on your desktop from a convenient menu on the Taskbar.
Explore From Here
625 KB | 5 Min @ 28.8
Open the explorer from where you are on the network or on your own computer's file system.
Find X 1.2
1,479 KB | 12 Min @ 28.8
Adds drag-and-drop capabilities to your Find menu.
Tweak UI 1.33
64 KB | 1 Min @ 28.8
With the Tweak UI 1.1 update you can adjust your Windows user interface by customizing your menu speed, window animation, and Internet Explorer.
Shortcut Target Menu 1.2
1,911 KB | 16 Min @ 28.8
With the Shortcut Target Menu you can find out the properties for the file to which a shortcut is pointing.
 OTHER DOWNLOADS 
Active Directory Client Extensions for NT Workstation 4.0
Active Directory Client Extensions allow Windows NT Workstation 4.0 clients to take advantage of features provided by the Windows 2000 Active Directory service.
Active Directory Service Interfaces (ADSI) 2.5
This release of Microsoft Active Directory Service Interfaces version 2.5 (ADSI) enables developers to create directory management applications using high-level tools such as Microsoft Visual Basic, Java, or C/C++
 ARCHIVE 
Critical Update, August 22, 2000
This update resolves the "Program Hangs During Unload with Secure Connection" issue in Windows NT® 4.0 DEC Alpha. Download now to prevent problems while using a dynamic-link library (DLL) which may cause your computer to stop responding or download improperly. If you run a program linked to a DLL, and that DLL connects to a secure server using Secure Sockets Layer (SSL) and Wininet.dll application interfaces, the program may not download properly and your computer may stop responding.
Security Update, August 18, 2000
This update resolves the "NetBIOS Name Server Protocol Spoofing" security vulnerability in some Windows-based networks. Installing this update will prevent a malicious user from misusing the Name Conflict and Name Release mechanisms that are part of Windows Internet Name Service (WINS). If this vulnerability is exploited, Windows 2000 and Windows NT® 4.0 computers would be unable to register a name on the network, or would lose their current name registration, making these computers unavailable as network resources.
Security Update, August 15, 2000
This update resolves the "Web Server Folder Traversal" security vulnerability in Internet Information Server (IIS).  Download now to prevent a malicious user from executing operating system commands on a Web server.
Critical Update, August 14, 2000
This update resolves the "High Encryption Configuration Prevents Outlook Express Replies" issue in some Windows 98, Windows 95, and Windows NT® 4.0 computers. A computer is only vulnerable if it is configured with 128-bit encryption and the Input Locale is set to French. If a computer with this configuration receives an Outlook® Express e-mail message from a computer with 56-bit encryption, replying to this e-mail message may cause the computer with 128-bit encryption to stop responding.
Security Update, July 18, 2000
This update resolves the "Remote Registry Access Authentication" vulnerability in Windows NT 4.0. Installing this update prevents a malicious user from remotely accessing your computer's registry and causing Windows NT 4.0 to fail. This vulnerability could only be exploited under very specific conditions, and the malicious user would need to have an authorized account and password for remote logon to your computer.
Security Update, July 17, 2000
This update resolves two security vulnerabilities in Internet Information Server (IIS) 5.0 and IIS 4.0, the "Absent Directory Browser Argument" vulnerability and the "File Fragment Reading via .HTR" vulnerability. Installing this update will prevent a malicious user from exploiting these vulnerabilities to slow performance on an affected Web server or, under very specific conditions, obtain the source code of certain types of files on a Web server. The referenced .HTR files are scripts that Windows NT users can employ to change passwords, and that administrators can use to perform a variety of password administration functions. Neither of these vulnerabilities allows data to be changed, added, or deleted on the server, nor do they allow administrative control over the affected computer.
Security Update, July 13, 2000
This update resolves the "Recycle Bin Creation" security vulnerability in Windows NT® 4.0. Under very specific conditions, a malicious user may be able to gain inappropriate access to files in the Recycle Bin. To exploit this vulnerability, the malicious user must log on to your computer at your keyboard. Download now to prevent a malicious user from creating, modifying, or deleting files in your computer's Recycle Bin.
Critical Update, June 15, 2000
This update resolves the "High Encryption Configuration Prevents Outlook Express Replies" issue in some Windows NT 4.0 computers. A Windows NT 4.0 computer is only vulnerable if it is configured with 128-bit encryption and the Input Locale is set to French. If a computer with this configuration receives an Outlook Express e-mail message from a computer with 56-bit encryption, replying to this e-mail message may cause the computer with 128-bit encryption to stop responding.
Security Update, June 6, 2000
This update resolves the "ResetBrowser Frame" and "HostAnnouncement Flooding" security vulnerabilities in Windows 2000 and Windows NT 4.0. Installing this update will prevent a malicious user from denying network users the ability to locate services or other computers on the network. Without this update, the malicious user may also be able to provide inaccurate information to network users.
Security Update, May 19, 2000
This update resolves the "IP Fragment Reassembly" security vulnerability in Windows NT 4.0. Installing this update will minimize the negative effects that fragmented Internet Protocol (IP) datagrams could have on your computer's central processing unit (CPU). IP datagrams are a necessary part of network and Internet communication. If a continuous stream of fragmented IP datagrams with a particular malformation were sent to an affected computer, it could be made to devote most or all of its CPU availability to processing these fragments. The vulnerability does not allow a malicious user to compromise data on the computer or take administrative control over it.
Security Update, April 17, 2000
This update eliminates the "Malformed TCP/IP Print Request" vulnerability found in the TCP/IP Printing Services for Windows NT 4.0 and Windows 2000 (in Windows 2000, the service is referred to as "Print Services for Unix"). This is an optional service used primarily in mixed Windows NT-Unix environments, and is not installed by default. Installing this update will prevent a malicious user from disrupting printing services on a network that has installed TCP/IP Printing Services. The native Windows NT and Windows 2000 printing service is not affected by this vulnerability.
Euro Currency Support for Windows NT 4.0
Adds euro currency symbol support to the Windows NT 4.0 operating system
Security Update, January 17, 2000
This update will eliminate the "Malformed RTF Control Word" vulnerability. With this update, you can prevent a malicious user from sending a specially malformed e-mail and crashing your e-mail reader.
Security Update, September 30, 1999
This update eliminates two security vulnerabilities in Internet Explorer: 1) ImportExportFavorites Issue and 2) Unsafe ActiveX Controls. Installing this update will prevent a web site operator from writing malicious files to your computer and, it will also prevent a web site from running several unsafe ActiveX controls without your permission.
Security Update, September 7, 1999
Update for Security Vulnerabilities in "Scriptlet.typlib" and "Eyedog" ActiveX Controls. This update eliminates the "scriptlet.typlib/eyedog" security vulnerability. Download now to prevent a malicious user from performing unauthorized actions on your computer.


Last Updated: Monday, April 16, 2001
© 2005 Microsoft Corporation. All rights reserved. Terms of use.