Rather than fix a vulnerability in Windows NT, despite it being supported, Microsoft would rather you upgrade to a newer version of Windows. Breaking support agreements by not fixing a serious vulnerability is negligent.

http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-010.asp

Microsoft has provided patches with this bulletin to correct this vulnerability for Windows 2000 and Windows XP. Although Windows NT 4.0 is affected by this vulnerability, Microsoft is unable to provide a patch for this vulnerability for Windows NT 4.0. The architectural limitations of Windows NT 4.0 do not support the changes that would be required to remove this vulnerability. Windows NT 4.0 users are strongly encouraged to employ the workaround discussed in the FAQ below, which is to protect the NT 4.0 system with a firewall that blocks Port 135.

This is what is says on their end of life support page for NT 4.0

http://support.microsoft.com/default.aspx?scid=fh;[ln];lifean3

Key Dates:
Security hotfix support will now be provided through December 31, 2004 at no additional cost.
Paid-incident support will now be provided through December 31, 2004 through regular support channels.
Non-security hotfix support will end December 31, 2003

Details:
Windows NT Server 4.0 incident and hotfix (both security and non-security) support was scheduled to end on December 31, 2003. However, based on feedback from customers, Microsoft decided to continue Windows NT Server 4.0 incident and security hotfix support through December 31, 2004. Support for non-security hotfixes will not be extended, and will end as previously announced on December 31, 2003.
main page ATTRITION feedback