Deciding which hotfixes you need
Determining which hotfixes you need to correct a particular security problem can be a tedious task. If you've ever visited Microsoft's FTP site looking for hotfixes, you've noticed the numerous patches available. In fact, as of October 1, 1998, I counted 45 post-Service Pack 3 (SP3) hotfix subdirectories at the site. A few hotfixes are obsolete, and their respective directories contain only a readme.txt file with a pointer to a current patch location.
You don't have to download every hotfix Microsoft publishes. Some hotfixes might not apply to software running on your system, and others might fix minor problems you're not interested in fixing, such as problems in assigning a drive letter to an Iomega Zip drive. But you need to download security-related hotfixes to keep your system safe.
To save you some time, I've undertaken the task of helping you decide which security hotfixes you need. I've discovered 16 Windows NT 4.0 post-SP3 hotfixes that correct particular security-related problems. This article briefly discusses each hotfix and directs you to Microsoft articles for more information on each hotfix. I've arranged the hotfixes categorically by major application to simplify your choice of appropriate hotfixes.
It is important to note that when you are considering which hotfixes will help protect your NT 4.0 system, you must consider what Microsoft-supported applications and hardware are running on that system. If you can't determine what hotfixes are on your NT systems, download a copy of SPQuery from MTE Software at http://www.mtesoft.com. SPQuery itemizes installed hotfixes for you and helps you download the hotfixes from within the SPQuery software. SPQuery can save a lot of time when it comes to patching NT systems. It costs about $195 for the network-enabled edition.
Locating Hotfixes
Microsoft stores US versions of NT hotfixes online at ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/nt40/hotfixes-postsp3. You can get international versions of most Microsoft hotfixes by selecting your country's directory at ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes. If you have trouble accessing Microsoft's main FTP site due to routing problems or high traffic loads, try the alternative FTP site at ftp://198.105.232.37/fixes.
Unless otherwise noted below, you can find all the hotfixes in this article at the sites I've listed above. I've used the hotfix directory name to reference each hotfix so you know where to find each one on the FTP site.
Hotfixes for NT 4.0
The Snk-fix hotfix corrects a denial-of-service problem with the Rpcss.exe routine of the Remote Procedure Call Subsystem (RPCSS). Spoofing UDP packets directed at port 135--where they initiate a loop of rejection packets between systems--causes the denial-of-service (DoS) attack. The loop will not break until one of the servers drops the package. The loop causes high processor loads and unnecessary bandwidth usage. The Microsoft article "Rpcss.exe Consumes 100% CPU Due to RPC Spoofing Attack" at http://support.microsoft.com/support/kb/articles/q193/2/33.asp discusses this scenario.
The priv-fix hotfix corrects an OS problem in which, via the utility sechole .exe, any user can gain membership to the local Administrators group and gain local administrative privileges. The priv-fix hotfix ensures that the server, not the client, checks access rights. The Microsoft article "SecHole Lets Non-administrative Users Gain Debug Level Access" at http://support.microsoft.com/support/kb/articles/q190/2/88.asp describes the details.