Looks like Windows NT4 is... well, pretty much dead on the security front. As Nick Farrell of The Inquirer puts it, it has a security hole so wide that you can park a bus load of hackers in it, sideways; its a problem in the server message block (SMB) protocol which allows print and files to be shared on a Windows network. It was fixed for other Microsoft Server offerings, but not for good old (or dead old) NT4.
The problem is that there are still loads of NT4 users out there and it runs lots of websites. Netcraft thinks that 1.1 percent of web-facing hostnames continued to run NT4 which is about 60 million sites. Security firm eEye Digital Security complained to the BugTraq vulnerability mailing list here that Vole was being petty about releasing the patch. It claimed that Microsoft had created a private patch for customers who have paid for extended Windows NT 4.0 support, it just was not giving it out generally because it wanted people to stop using NT4.