Code Red / Microsoft Patch Q300972i / NT Service Packs

["Boyce, Nick" <nick.boyce () eds com>]

Microsoft's Security Bulletin MS01-033 (the one announcing the vulnerability
being used by Code Red, and the patch availability) states :

   "The Windows NT 4.0 patch can be installed on systems 
   Windows NT 4.0 Service Pack 6a."

(See
http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/security/
bulletin/ms01-033.asp, and click "Additional information about this patch".)

And the relevant KB article
http://support.microsoft.com/support/kb/articles/Q300/9/72.ASP says

   "NOTE: Due to file dependencies, this hotfix requires 
   Microsoft Windows NT 4.0 Service Pack 6a."

Can anyone provide any experience of successfully using the patch
("Q300972i.exe") on an NT4 Server running *earlier* service packs ?   A
statement from Microsoft would be nice (like: What is the impact of applying
the patch to a server running an earlier SP ?  What would be broken ?)

[ We have a couple of NT4 servers stuck with earlier SPs (one with SP4, and
one with SP5) due to alleged non-certification of their major application
with any later service pack.  I've set up a test NT4/SP5/IIS4 server, and
installed Q300972i, and IIS is back up & running without apparent sickness
...]

Thanks for any light anyone can shed.

Nick Boyce
EDS, Bristol, UK