MS06-040 apply to SP3?

[canadajoe]

We have some client servers that need to remain at SP3 and there is no patch for this SP level. Does that mean the vulnerability does not exist at this level or that something else must be done. They say you can block ports as a workaround but several Windows services use these same ports so that is not practical either. Thanks for your help.

 

[porkchopexpress]

Extended security update support for Microsoft Windows 2000 Service Pack 3 ended on June 30, 2005. I am still using one of these operating systems; what should I do?
Windows NT Workstation 4.0 Service Pack 6a, Windows NT Server 4.0 Service Pack 6a, Windows 2000 Service Pack 2, and Windows 2000 Service Pack 3 have reached the end of their support life cycles. It should be a priority for customers who have these operating system versions to migrate to supported versions to prevent potential exposure to vulnerabilities. For more information about the Windows Product Lifecycle, visit the following Microsoft Support Lifecycle Web site. For more information about the extended security update support period for these operating system versions, visit the Microsoft Product Support Services Web site.
"

http://www.microsoft.com/technet/security/bulletin/MS06-040.mspx

 

[canadajoe]

Thanks, we have a Premier support contract and there are no patches available for this SP level I have found out through talking to Microsoft.