Arguably one of today's biggest risks for network security and compliance are lingering systems that are no longer supported by their vendors. The security flaws in these systems may have been widely known for years, as is the case with Windows NT 4.0.
Introduced in 1996, Microsoft's Windows NT 4.0 operating system was originally designated for obsolescence on December 31, 2003 but support was extended for an additional year. As of December 31, 2004, Microsoft stopped releasing security patches for Windows NT 4.0. That means that any vulnerability discovered in the platform after that date will NOT be fixed.
At least one vulnerability to a denial of service attack, MS03-010, is recognized by Microsoft as affecting NT 4.0 and received no hotfix patch. Microsoft cited the following in this instance: "The architectural limitations of Windows NT 4.0 do not support the changes that would be required to remove this vulnerability."
Full article at source...
News source: Help Net Security