@echo off

REM ##############################################################################
REM
REM Windows NT 4.0 SP6a patch script by Doc Rice v1.2
REM This script requires the use of REG.EXE from the Windows NT 4.0 Resource Kit 
REM and the SLEEP.EXE utility.
REM
REM An updated version of REG.EXE utility can be found at:
REM 
REM ftp://ftp.microsoft.com/bussys/winnt/winnt-public/reskit/nt40/i386/reg_x86.exe
REM
REM SLEEP.EXE can be found at:
REM
REM http://www2.gol.com/users/trane/programming/programming.html
REM
REM
REM WARNING: This script assumes your Windows NT 4.0 has been installed with
REM defaults without Active Desktop installed (Q311967 requires a different patch
REM otherwise).  Q318138 requires a different patch if using RRAS.  This script 
REM does is not intended for Terminal Server Edition.
REM
REM Please see http://winpatch.homeip.net for updated information.
REM
REM ##############################################################################


color 1F
title Windows NT 4.0 SP6a Hotfix Install
.\REG\REG.EXE QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009" > NUL || goto nosp6a
echo Installing patches for Windows NT 4.0 SP6a...
echo --------------------------------------------------------------------------------
echo Patch list updated as of 2/20/2005.
echo.
echo.
echo.


REM -------------------------------------------------------------

setlocal

for /f "tokens=2 delims=, " %%i in ('.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions\ProductType"') do set NT40_Version=%%i

echo.
echo Checking for MS00-079: Patch for "HyperTerminal Buffer Overflow" Vulnerability In Windows NT 4.0
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q304158\Comments" /s || echo Patching for Q304158... && .\OS\Q304158\Q304158i.exe -q -m -z

echo.
echo Checking for MS01-041: Q299444
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q299444\Comments" /s || echo Patching for Q299444... && .\OS\Q299444\Q299444i.exe -q -m -z

echo.
echo Checking for MS02-006: An Unchecked Buffer in the SNMP Service May Allow Code to Run
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q314147\Comments" /s || echo Patching for Q314147... && .\OS\Q314147\Q314147i.exe -q -m -z

echo.
echo Checking for MS02-024: Authentication Flaw in Windows Debugger Can Cause Elevated Privileges
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q320206\Comments" /s || echo Patching for Q320206... && .\OS\Q320206\Q320206i.exe /q /m /z

echo.
echo Checking for MS02-029: Unchecked Buffer in Remote Access Service Phonebook Allows Code to Run
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q318138\Comments" /s || echo Patching for Q318138... && .\OS\Q318138\Q318138i.exe /q /m /z

echo.
echo Checking for MS02-045: Unchecked Buffer in Network Share Provider May Lead to Denial-of-Service
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q326830\Comments" /s || echo Patching for Q326830... && .\OS\Q326830\Q326830i.exe /q /m /z

echo.
echo Checking for MS02-048: Flaw in Certificate Enrollment Control May Cause Digital Certificates to Be Deleted
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q323172\Comments" /s || echo Patching for Q323172... && .\OS\Q323172\Q323172i.exe -q -z

echo.
echo Checking for MS03-001: Unchecked Buffer in the Locator Service Might Permit Code to Run
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q810833\Comments" /s || echo Patching for Q810833... && .\OS\Q810833\Q810833i.EXE /q /z

echo.
echo Checking for MS03-007: Unchecked Buffer in Windows Component May Cause Web Server Compromise
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q815021\Comments" /s || echo Patching for Q815021... && .\OS\Q815021\Q815021i.EXE /q /z

echo.
echo Checking for MS03-024: Buffer overrun in Windows could lead to data corruption
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q817606\Comments" /s || echo Patching for Q817606... && .\OS\Q817606\Q817606i.EXE /q /z

echo %NT40_Version% | find /i "winnt" && goto q823803
echo.
echo Checking for MS03-034: Flaw in NetBIOS could lead to information disclosure
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB824105\Comments" /s || echo Patching for Q824105... && .\OS\Q824105\WindowsNT4Server-KB824105-x86-ENU.EXE /q /z

:q823803
echo %NT40_Version% | find /i "winnt" && goto q828035 > NUL
echo.
echo Checking for MS03-029: A flaw in a Windows function might allow a Denial of Service
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB823803\Comments" /s || echo Patching for Q823803... && .\OS\Q823803\WindowsNT4Server-KB823803-x86-ENU.EXE /q /z

:q828035
echo %NT40_Version% | find /i "winnt" && goto q828035-ws > NUL
echo %NT40_Version% | find /i "lanmannt" && goto q828035-s > NUL
echo %NT40_Version% | find /i "server" && goto q828035-s > NUL
:q828035-ws
echo.
echo Checking for MS03-043: Buffer overrun in Messenger service could allow code execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB828035\Comments" /s || echo Patching for Q828035... && .\OS\Q828035\Workstation\WindowsNT4Workstation-KB828035-x86-ENU.EXE /q /z
goto q825119
:q828035-s
echo.
echo Checking for MS03-043: Buffer overrun in Messenger service could allow code execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB828035\Comments" /s || echo Patching for Q828035... && .\OS\Q828035\Server\WindowsNT4Server-KB828035-x86-ENU.EXE /q /z

:q825119
echo %NT40_Version% | find /i "winnt" && goto q825119-ws > NUL
echo %NT40_Version% | find /i "lanmannt" && goto q825119-s > NUL
echo %NT40_Version% | find /i "server" && goto q825119-s > NUL
:q825119-ws
echo.
echo Checking for MS03-044: Buffer overrun in Windows Help and Support Center could lead to system compromise
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB825119\Comments" /s || echo Patching for Q825119... && .\OS\Q825119\Workstation\WindowsNT4Workstation-KB825119-x86-ENU.EXE /q /z
goto q824141
:q825119-s
echo.
echo Checking for MS03-044: Buffer overrun in Windows Help and Support Center could lead to system compromise
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB825119\Comments" /s || echo Patching for Q825119... && .\OS\Q825119\Server\WindowsNT4Server-KB825119-x86-ENU.EXE /q /z

:q824141
echo %NT40_Version% | find /i "winnt" && goto q824141-ws > NUL
echo %NT40_Version% | find /i "lanmannt" && goto q824141-s > NUL
echo %NT40_Version% | find /i "server" && goto q824141-s > NUL
:q824141-ws
echo.
echo Checking for MS03-045: Buffer overrun in the ListBox and in the ComboBox Control could allow code execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB824141\Comments" /s || echo Patching for Q824141... && .\OS\Q824141\Workstation\WindowsNT4Workstation-KB824141-x86-ENU.EXE /q /z
goto q830352
:q824141-s
echo.
echo Checking for MS03-045: Buffer overrun in the ListBox and in the ComboBox Control could allow code execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB824141\Comments" /s || echo Patching for Q824141... && .\OS\Q824141\Server\WindowsNT4Server-KB824141-x86-ENU.EXE /q /z

:q830352
echo.
echo Checking for MS04-006: A vulnerability in the Windows Internet Name Service (WINS) could allow code execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB830352\File 1" /s || echo Patching for Q830352... && .\OS\Q830352\WindowsNT4Server-KB830352-x86-ENU.EXE /q /z

:q828028
echo %NT40_Version% | find /i "winnt" && goto q828028-ws > NUL
echo %NT40_Version% | find /i "lanmannt" && goto q828028-s > NUL
echo %NT40_Version% | find /i "server" && goto q828028-s > NUL
:q828028-ws
echo.
echo Checking for MS04-007: An ASN.1 vulnerability could allow code execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB828028\File 1" /s || echo Patching for Q828028... && .\OS\Q828028\Workstation\WindowsNT4Workstation-KB828028-x86-ENU.EXE /q /z
goto q835732
:q828028-s
echo.
echo Checking for MS04-007: An ASN.1 vulnerability could allow code execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB828028\File 1" /s || echo Patching for Q828028... && .\OS\Q828028\Server\WindowsNT4Server-KB828028-x86-ENU.EXE /q /z

:q835732
echo %NT40_Version% | find /i "winnt" && goto q835732-ws > NUL
echo %NT40_Version% | find /i "lanmannt" && goto q835732-s > NUL
echo %NT40_Version% | find /i "server" && goto q835732-s > NUL
:q835732-ws
echo.
echo Checking for MS04-011: Security Update for Microsoft Windows
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB835732\File 1" /s || echo Patching for Q835732... && .\OS\Q835732\Workstation\WindowsNT4Workstation-KB835732-x86-ENU.EXE /q /z
goto q828741
:q835732-s
echo.
echo Checking for MS04-011: Security Update for Microsoft Windows
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB835732\File 1" /s || echo Patching for Q835732... && .\OS\Q835732\Server\WindowsNT4Server-KB835732-x86-ENU.EXE /q /z

:q828741
echo %NT40_Version% | find /i "winnt" && goto q828741-ws > NUL
echo %NT40_Version% | find /i "lanmannt" && goto q828741-s > NUL
echo %NT40_Version% | find /i "server" && goto q828741-s > NUL
:q828741-ws
echo.
echo Checking for MS04-012: Cumulative Update for Microsoft RPC/DCOM
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB828741\File 1" /s || echo Patching for Q828741... && .\OS\Q828741\Workstation\WindowsNT4Workstation-KB828741-x86-ENU.EXE /q /z
goto q841872
:q828741-s
echo.
echo Checking for MS04-012: Cumulative Update for Microsoft RPC/DCOM
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB828741\File 1" /s || echo Patching for Q828741... && .\OS\Q828741\Server\WindowsNT4Server-KB828741-x86-ENU.EXE /q /z

:q841872
echo %NT40_Version% | find /i "winnt" && goto q841872-ws > NUL
echo %NT40_Version% | find /i "lanmannt" && goto q841872-s > NUL
echo %NT40_Version% | find /i "server" && goto q841872-s > NUL
:q841872-ws
echo.
echo Checking for MS04-020: A vulnerability in POSIX could allow code execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB841872\File 1" /s || echo Patching for Q841872... && .\OS\Q841872\Workstation\WindowsNT4Workstation-KB841872-x86-ENU.exe /q /z
goto q839645
:q841872-s
echo.
echo Checking for MS04-020: A vulnerability in POSIX could allow code execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB841872\File 1" /s || echo Patching for Q841872... && .\OS\Q841872\Server\WindowsNT4Server-KB841872-x86-ENU.exe /q /z

:q839645
echo %NT40_Version% | find /i "winnt" && goto q839645-ws > NUL
echo %NT40_Version% | find /i "lanmannt" && goto q839645-s > NUL
echo %NT40_Version% | find /i "server" && goto q839645-s > NUL
:q839645-ws
echo.
echo Checking for MS04-024: A vulnerability in Windows Shell could allow remote code execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB839645\File 1" /s || echo Patching for Q839645... && .\OS\Q839645\Workstation\WindowsNT4Workstation-KB839645-x86-ENU.exe /q /z
goto q873350
:q839645-s
echo.
echo Checking for MS04-024: A vulnerability in Windows Shell could allow remote code execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB839645\File 1" /s || echo Patching for Q839645... && .\OS\Q839645\Server\WindowsNT4Server-KB839645-x86-ENU.exe /q /z

:q873350
echo %NT40_Version% | find /i "winnt" && goto q873350-ws > NUL
echo %NT40_Version% | find /i "lanmannt" && goto q873350-s > NUL
echo %NT40_Version% | find /i "server" && goto q873350-s > NUL
:q873350-ws
goto q841533
:q873350-s
echo.
echo Checking for MS04-029: Vulnerability in RPC Runtime Library Could Allow Information Disclosure and Denial of Service
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB873350\File 1" /s || echo Patching for Q873350... && .\OS\Q873350\WindowsNT4Server-KB873350-x86-ENU.exe /q /z

:q841533
echo %NT40_Version% | find /i "winnt" && goto q841533-ws > NUL
echo %NT40_Version% | find /i "lanmannt" && goto q841533-s > NUL
echo %NT40_Version% | find /i "server" && goto q841533-s > NUL
:q841533-ws
goto q840987
:q841533-s
echo.
echo Checking for MS04-031: Vulnerability in NetDDE Could Allow Remote Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB841533\File 1" /s || echo Patching for Q841533... && .\OS\Q841533\WindowsNT4Server-KB841533-x86-ENU.exe /q /z

:q840987
echo %NT40_Version% | find /i "winnt" && goto q840987-ws > NUL
echo %NT40_Version% | find /i "lanmannt" && goto q840987-s > NUL
echo %NT40_Version% | find /i "server" && goto q840987-s > NUL
:q840987-ws
goto q841356
:q840987-s
echo.
echo Checking for MS04-032: Security Update for Microsoft Windows
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB840987\File 1" /s || echo Patching for Q840987... && .\OS\Q840987\WindowsNT4Server-KB840987-x86-ENU.exe /q /z

:q841356
echo %NT40_Version% | find /i "winnt" && goto q841356-ws > NUL
echo %NT40_Version% | find /i "lanmannt" && goto q841356-s > NUL
echo %NT40_Version% | find /i "server" && goto q841356-s > NUL
:q841356-ws
goto q885836
:q841356-s
echo.
echo Checking for MS04-037: Vulnerability in Windows Shell Could Allow Remote Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{dccb3000-9408-4772-b113-b600e1311cef}" /s || echo Patching for Q841356... && .\OS\Q841356\WindowsNT4Server-KB841356-x86-ENU.exe /q:a /r:n

:q885836
echo %NT40_Version% | find /i "winnt" && goto q885836-ws > NUL
echo %NT40_Version% | find /i "lanmannt" && goto q885836-s > NUL
echo %NT40_Version% | find /i "server" && goto q885836-s > NUL
:q885836-ws
goto q873339
:q885836-s
echo.
echo Checking for MS04-041: Vulnerability in WordPad Could Allow Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB885836\File 1" /s || echo Patching for Q885836... && .\OS\Q885836\WindowsNT4Server-KB885836-x86-ENU.exe /q /z

:q873339
echo %NT40_Version% | find /i "winnt" && goto q873339-ws > NUL
echo %NT40_Version% | find /i "lanmannt" && goto q873339-s > NUL
echo %NT40_Version% | find /i "server" && goto q873339-s > NUL
:q873339-ws
goto q885835
:q873339-s
echo.
echo Checking for MS04-043: Vulnerability in HyperTerminal Could Allow Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB873339\File 1" /s || echo Patching for Q873339... && .\OS\Q873339\WindowsNT4Server-KB873339-x86-ENU.exe /q /z

:q885835
echo %NT40_Version% | find /i "winnt" && goto q885835-ws > NUL
echo %NT40_Version% | find /i "lanmannt" && goto q885835-s > NUL
echo %NT40_Version% | find /i "server" && goto q885835-s > NUL
:q885835-ws
goto q890175
:q885835-s
echo.
echo Checking for MS04-044: Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB885835\File 1" /s || echo Patching for Q885835... && .\OS\Q885835\WindowsNT4Server-KB885835-x86-ENU.exe /q /z

:q890175
echo %NT40_Version% | find /i "winnt" && goto q890175-ws > NUL
echo %NT40_Version% | find /i "lanmannt" && goto q890175-s > NUL
echo %NT40_Version% | find /i "server" && goto q890175-s > NUL
:q890175-ws
goto q891711
:q890175-s
echo.
echo Checking for MS05-001: Vulnerability in HTML Help Could Allow Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q890175" /s || echo Patching for Q890175... && .\OS\Q890175\WindowsNT4-KB890175-ENU.EXE /q:a /r:n

:q891711
echo %NT40_Version% | find /i "winnt" && goto q891711-ws > NUL
echo %NT40_Version% | find /i "lanmannt" && goto q891711-s > NUL
echo %NT40_Version% | find /i "server" && goto q891711-s > NUL
:q891711-ws
goto q885834
:q891711-s
echo.
echo Checking for MS05-002: Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB891711\File 1" /s || echo Patching for Q891711... && .\OS\Q891711\WindowsNT4Server-KB891711-x86-ENU.exe /q /z

:q885834
echo %NT40_Version% | find /i "winnt" && goto q885834-ws > NUL
echo %NT40_Version% | find /i "lanmannt" && goto q885834-s > NUL
echo %NT40_Version% | find /i "server" && goto q885834-s > NUL
:q885834-ws
goto qchain
:q885834-s
echo.
echo Checking for MS05-010: Vulnerability in the License Logging Service Could Allow Code Execution
.\REG\REG.EXE QUERY "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB885834\File 1" /s || echo Patching for Q885834... && .\OS\Q885834\WindowsNT4Server-KB885834-x86-ENU.exe /q /z

endlocal


:qchain
REM -------------------------------------------------------------
echo.
echo.
echo Qchaining hotfixes...
echo.

.\Qchain\qchain.exe


REM -------------------------------------------------------------
color
echo.
echo.
echo Initial update process for Windows NT 4.0 SP6a completed.  Please reboot 
echo for all hotfixes to take effect and verify patch levels afterwards.  Also
echo be sure to verify the installed version of Internet Explorer and patch 
echo accordingly.
echo.

.\SLEEP\SLEEP.EXE 03
goto end


:nosp6a
echo Service Pack 6a is not installed on this system.  Please install SP6a before
echo running this script.
echo.
.\SLEEP\SLEEP.EXE 03
goto end


:end