Almost half of all PCs still run the operating system, which could leave organizations exposed to new malware, with no way of patching the vulnerabilities.
Microsoft will end support for both its Windows 2000 and Windows XP Service Pack 2 (SP2) operating systems this Patch Tuesday.
Unfortunately, the security implications could be a rude awakening for many organizations, because 45% of all PCs still run Windows XP SP2, and 77% of organizations run it on at least 10% of their PCs. Those findings come from a study released last month by Softchoice, of about 280,000 PCs running in 117 private and public sector organizations in the United States and Canada.
"We were surprised by the number of people who have not yet deployed Service Pack 3," said Dean Williams, services development manager for Softchoice, in a statement. "If organizations aren't already on top of this, they should be moving quickly to update their systems." The upgrade is free, but Williams notes that it can take a significant amount of time to test and apply it.
Still, there's little reason to wait. "While there were some documented issues when Service Pack 3 first launched, this was much more of an incremental upgrade compared to the major overhaul represented by Service Pack 2," he said. "Many users rightfully delayed their SP2 deployments but at this point there really isn't a compelling reason to delay the move to SP3."
Microsoft said it will support Windows XP SP3 at least through April 2014.
Continuing to use Windows XP2 could also leave organizations contending with ever greater amounts of malware aimed at exploiting vulnerabilities that can't be patched, or for underlying components which simply don't get patched.
That's because, from an information security standpoint, the problem isn't just that security updates for Windows XP SP2 will cease. "Your installations for Internet Explorer, Windows Media Player, Outlook Express and other Windows XP SP2 components also won't receive security patches if you're running that version of the operating system," said Graham Cluley, a senior technology consultant at Sophos, on his blog.
The result is a potential PC management headache, with IT managers having to monitor their "sunset" -- in developer parlance -- Windows XP SP2 clients for signs that they'd been hacked or exploited, while also ensuring that they continued to patch the underlying components, to triage PCs as best they could.
InformationWeek Elite 100Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
The UC Infrastructure TrapWorries about subpar networks tanking unified communications programs could be valid: Thirty-one percent of respondents have rolled capabilities out to less than 10% of users vs. 21% delivering UC to 76% or more. Is low uptake a result of strained infrastructures delivering poor performance?
Join us for a roundup of the top stories on InformationWeek.com for the week of December 7, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program!