Almost half of all PCs still run the operating system, which could leave organizations exposed to new malware, with no way of patching the vulnerabilities.
Microsoft will end support for both its Windows 2000 and Windows XP Service Pack 2 (SP2) operating systems this Patch Tuesday.
Unfortunately, the security implications could be a rude awakening for many organizations, because 45% of all PCs still run Windows XP SP2, and 77% of organizations run it on at least 10% of their PCs. Those findings come from a study released last month by Softchoice, of about 280,000 PCs running in 117 private and public sector organizations in the United States and Canada.
"We were surprised by the number of people who have not yet deployed Service Pack 3," said Dean Williams, services development manager for Softchoice, in a statement. "If organizations aren't already on top of this, they should be moving quickly to update their systems." The upgrade is free, but Williams notes that it can take a significant amount of time to test and apply it.
Still, there's little reason to wait. "While there were some documented issues when Service Pack 3 first launched, this was much more of an incremental upgrade compared to the major overhaul represented by Service Pack 2," he said. "Many users rightfully delayed their SP2 deployments but at this point there really isn't a compelling reason to delay the move to SP3."
Microsoft said it will support Windows XP SP3 at least through April 2014.
Continuing to use Windows XP SP2 could also leave organizations contending with ever greater amounts of malware aimed at exploiting vulnerabilities that can't be patched, or at underlying components that simply don't get patched.
That's because, from an information security standpoint, the problem isn't just that security updates for Windows XP SP2 will cease. "Your installations for Internet Explorer, Windows Media Player, Outlook Express and other Windows XP SP2 components also won't receive security patches if you're running that version of the operating system," said Graham Cluley, a senior technology consultant at Sophos, on his blog.
The result is a potential PC management headache, with IT managers having to monitor their "sunset" -- in developer parlance -- Windows XP SP2 clients for signs that they've been hacked or exploited, while also ensuring that they continue to patch the underlying components, to triage PCs as best they can.