Almost half of all PCs still run the operating system, which could leave organizations exposed to new malware, with no way of patching the vulnerabilities.
Microsoft will end support for both its Windows 2000 and Windows XP Service Pack 2 (SP2) operating systems this Patch Tuesday.
Unfortunately, the security implications could be a rude awakening for many organizations, because 45% of all PCs still run Windows XP SP2, and 77% of organizations run it on at least 10% of their PCs. Those findings come from a study released last month by Softchoice, of about 280,000 PCs running in 117 private and public sector organizations in the United States and Canada.
"We were surprised by the number of people who have not yet deployed Service Pack 3," said Dean Williams, services development manager for Softchoice, in a statement. "If organizations aren't already on top of this, they should be moving quickly to update their systems." The upgrade is free, but Williams notes that it can take a significant amount of time to test and apply it.
Still, there's little reason to wait. "While there were some documented issues when Service Pack 3 first launched, this was much more of an incremental upgrade compared to the major overhaul represented by Service Pack 2," he said. "Many users rightfully delayed their SP2 deployments but at this point there really isn't a compelling reason to delay the move to SP3."
Microsoft said it will support Windows XP SP3 at least through April 2014.
Continuing to use Windows XP2 could also leave organizations contending with ever greater amounts of malware aimed at exploiting vulnerabilities that can't be patched, or for underlying components which simply don't get patched.
That's because, from an information security standpoint, the problem isn't just that security updates for Windows XP SP2 will cease. "Your installations for Internet Explorer, Windows Media Player, Outlook Express and other Windows XP SP2 components also won't receive security patches if you're running that version of the operating system," said Graham Cluley, a senior technology consultant at Sophos, on his blog.
The result is a potential PC management headache, with IT managers having to monitor their "sunset" -- in developer parlance -- Windows XP SP2 clients for signs that they'd been hacked or exploited, while also ensuring that they continued to patch the underlying components, to triage PCs as best they could.
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.