Microsoft will end support for both its Windows 2000 and Windows XP Service Pack 2 (SP2) operating systems this Patch Tuesday.
Unfortunately, the security implications could be a rude awakening for many organizations, because 45% of all PCs still run Windows XP SP2, and 77% of organizations run it on at least 10% of their PCs. Those findings come from a study released last month by Softchoice, of about 280,000 PCs running in 117 private and public sector organizations in the United States and Canada.
"We were surprised by the number of people who have not yet deployed Service Pack 3," said Dean Williams, services development manager for Softchoice, in a statement. "If organizations aren't already on top of this, they should be moving quickly to update their systems." The upgrade is free, but Williams notes that it can take a significant amount of time to test and apply it.
Still, there's little reason to wait. "While there were some documented issues when Service Pack 3 first launched, this was much more of an incremental upgrade compared to the major overhaul represented by Service Pack 2," he said. "Many users rightfully delayed their SP2 deployments but at this point there really isn't a compelling reason to delay the move to SP3."
Microsoft said it will support Windows XP SP3 at least through April 2014.
Continuing to use Windows XP SP2 could also leave organizations contending with ever greater amounts of malware aimed at exploiting vulnerabilities that can't be patched, or at underlying components that simply don't get patched.
That's because, from an information security standpoint, the problem isn't just that security updates for Windows XP SP2 will cease. "Your installations for Internet Explorer, Windows Media Player, Outlook Express and other Windows XP SP2 components also won't receive security patches if you're running that version of the operating system," said Graham Cluley, a senior technology consultant at Sophos, on his blog.
The result is a potential PC management headache, with IT managers having to monitor their "sunset" -- in developer parlance -- Windows XP SP2 clients for signs that they've been hacked or exploited, while also ensuring that they continue to patch the underlying components, to triage PCs as best they can.