Service Pack 4’s Clean Release

With one month gone by since the introduction of Service Pack 4 (SP4), this release is looking to be Microsoft Corp.’s most solid service pack yet.

With one month gone by since the introduction of Service Pack 4 (SP4), this release is looking to be Microsoft Corp.’s most solid service pack yet. Less than a month after the release of Service Pack 2 (SP2) for Windows NT 4.0 in December 1996, newsgroups were buzzing about SP2-specific bugs that, in many cases, could cause Windows NT installations to behave erratically or suffer from Blue Screens of Death. The weeks following the May 1997 release of Service Pack 3 (SP3) for Windows NT -- while relatively incident-free -- also witnessed the disclosure of a number of SP3-specific problems. Microsoft’s good fortune this time around is no accident.

Following the debacle of SP2, Microsoft implemented a beta-testing cycle for subsequent service pack releases. This program resulted in SP3’s debut to be far more solid than SP2, and now SP4 appears to be cleaner than SP3.

Although many IT professionals have deployed SP4 on non-critical systems, still more are wary of the past and put off rolling out SP4 on mission-critical systems. "[SP4 has] fared better than SP2, but it is still too early to judge whether or not [it] will be another SP3, or if we will see even less post-SP4 hot fixes," says Frank Knobbe, a senior security consultant with systems integrator MicroAge (Nashville, Tenn.,

To date, Microsoft has released a single post-SP4 hotfix, NPRPC-FIX, which the company indicates protects SP4-updated systems against a new RPC-based denial of service attack that targets either Windows NT’s SPOOLSS.EXE or LSASS.EXE processes.

SP4, however, has introduced its share of problems. Most cannot be attributed to the service pack itself, but rather to conflicts or problems that occur following the application of the service pack to systems running software applications such as NetWorker 5.1 from Legato Systems Inc. (Palo Alto, Calif.,, ARCserve 6.5 from Computer Associates Int’l Inc. (CA) or the Oracle Application Server (OAS) from Oracle Corp.

Several NetWorker users indicated via posts to the Windows NT Bugtraq mailing list ( that Windows NT systems on which SP4 has been installed no longer can complete NetWorker system backups. For its part, Legato claims to have tested Legato NetWorker 5.1 with SP4 applied and to have encountered no difficulties. "Our QA department has tested NetWorker 5.1 for NT with SP4 applied and it works fine, therefore we do support SP4," a Legato official confirmed.

Some ARCserve 6.5 users have also complained that post-SP4 updated systems require backup operators to log in with Administrator-level privileges. While CA maintains that this is not a problem, a source close to CA indicated that a workaround or fix will likely be included in the upcoming version 6.6 of ARCserve.

Oracle Corp. acknowledged an SP4-specific problem that affects version of the OAS. Accordingly, Oracle indicates that applying SP4 to Windows NT systems running OAS will prevent the OAS Web Server from initializing or operating correctly in 90 percent of cases.

According to MicroAge’s Knobbe, these types of problems are to be expected because of the fundamental architectural changes that SP4 implements as a harbinger of Microsoft’s Windows 2000 release. "Since SP4 implements some fundamental changes in preparation for the coming Windows 2000 … there are different caveats than [those that obtained] with SP3," Knobbe observes. "It appears that manufacturers have more to do to catch up with SP4 than they did with SP3. [Where] SP3 was more a collection of fixes, SP4 seems to contain not only fixes, but also other enhancements and updated drivers … that are the cause of most of the issues we see with SP4."

In the view of Russ Cooper, president of R.C. Consulting Inc. (Lindsay, Ontario) and moderator of the NTBugtraq mailing list, IT mangers can avoid SP4’s few pitfalls by exercising a bit of due diligence prior to deploying SP4 on mission critical systems. "Many of the problems people are experiencing disappear when they do the installation from a CD rather than from the download," he observed in a post to the Bugtraq discussion list. "Even more [problems] disappear when you check with your various vendors … to see if they have a patch or update for SP4."

Cooper has created an adjunct to his main NT Bugtraq Web site at to serve as a resource center where IT professionals can locate information concerning possible SP4 problems, as well as post SP4-specific problems of their own.