Windows XP SP2 retirement looms, puts users in tough spot
Half of all corporate PCs running XP stuck on soon-to-be-obsolete SP2
Computerworld - Half of the enterprise computers running the aged Windows XP operating system are still relying on the soon-to-be-retired Service Pack 2 (SP2), a researcher said today.
According to security risk and compliance management provider Qualys, 50% of the several hundred thousand PCs it monitors for its clients are still running Windows XP SP2.
"The normal thing for IT is not to muck around with something that works," said Wolfgang Kandek, chief technology officer for Qualys, as he tried to explain why corporations have stuck with 2004's SP2 and not updated to SP3, which debuted two years ago.
Microsoft will officially retire Windows XP SP2 on July 13. After that date, although it will continue to provide security updates for XP SP3, it will stop issuing patches for the older SP2.
"I would expect that come August, SP2 will be getting hard and harder to defend," said Kandek, referring to the lack of security updates. "I expect to see reliable exploits of unpatched vulnerabilities three or four months later."
Companies have stepped up their efforts to migrate machines to XP SP3 in the last 11 months -- the rate of adoption of the newest service pack during that period was roughly double that of SP3's first 14 months of availability -- but even now, just weeks before SP2 will slide off support, half of the Windows XP systems still run the older edition, according to Qualys.
"I think this simply flew under the radar of most IT professionals," said Kandek, talking about the July retirement of XP SP2. "Personally, I didn't know about it until two months ago. I don't think many people were looking at the [retirement] messages Microsoft was putting out."
Microsoft started warning customers of XP SP2's looming retirement last February, and has been repeating that warning every month in its Microsoft Security Response Center (MSRC) blog on Patch Tuesday, the regularly-scheduled second-Tuesday-of-the-month security update release day. But not every user reads the MSRC blog.
Windows XP SP3 will exit all support in April 2014; to receive vulnerability fixes, users must update to that service pack by July.
By Qualys' numbers, Windows XP accounts for approximately 80% of all enterprise PCs, a considerably higher share than estimated by Web metrics companies such as NetApplications, which pegged XP's share in April at 63.4%. NetApplications, however, calculates usage share globally -- Qualys' is predominantly U.S. -- and factors in consumers as well as businesses.
Microsoft has made some minor concessions on Windows XP SP2 support. Last month, it said it would take calls from customers running outdated service packs, such as SP2. Previously, it turned those people away.
Instead, Microsoft's support staff will answer questions about old service packs, fill out support tickets and provide what the company's head of support called "limited troubleshooting."
The new support for obsolete service packs isn't free, however. Companies or customers without an in-place Microsoft support plan will be billed on a per-incident rate. A consumer contacting Microsoft support via chat or e-mail, for example, is charged $49, while telephone-based support costs $59.
Windows XP SP3 can be downloaded from the Microsoft site, or obtained from XP SP2 PCs via the Windows Update service.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is email@example.com.
Windows XP lives
- Update: IRS misses XP deadline, will spend $30M to upgrade remaining PCs
- Microsoft Patch Tuesday bids adieu to Windows XP
- FAQ: Good-bye old pal, old paint, Windows XP
- Windows XP: The end is nigh
- How to Support Windows XP Now That Microsoft Isn't
- Microsoft sketches out final Windows XP security updates for next week
- Last-minute lazybones dump Windows XP
- Microsoft returns to scare tactic well in dump-XP campaign
- Microsoft tries to tempt XP diehards with $100 discount on new PCs
- ATM operators eye Linux as alternative to Windows XP
Read more about Windows in Computerworld's Windows Topic Center.
- Gartner Magic Quadrant for Client Management Tools The client management tool market is maturing and evolving to adapt to consumerization, desktop virtualization, and an ongoing need to improve efficiency.
- Audit Ready and Asset Optimized: The Solid Promise of an Intelligent Software Asset Management Solution In this paper Frost & Sullivan examines the benefits of enterprise-grade Software Asset Management solutions, and how these solutions serve as the convergence...
- Pragmatic Endpoint Management: Empowering an SMB Workforce in the Age of Mobility Lacking the time for proper training and education, SMB administrators often resort to taking shortcuts to keep their environment running.This paper discusses the...
- Gartner Magic Quadrant for Application Security The market for application security testing is changing rapidly. Technology trends, such as mobile applications, advanced Web applications and dynamic languages, are forcing...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Windows White Papers | Webcasts