Windows XP SP2 retirement looms, puts users in tough spot
Half of all corporate PCs running XP stuck on soon-to-be-obsolete SP2
Computerworld - Half of the enterprise computers running the aged Windows XP operating system are still relying on the soon-to-be-retired Service Pack 2 (SP2), a researcher said today.
According to security risk and compliance management provider Qualys, 50% of the several hundred thousand PCs it monitors for its clients are still running Windows XP SP2.
"The normal thing for IT is not to muck around with something that works," said Wolfgang Kandek, chief technology officer for Qualys, as he tried to explain why corporations have stuck with 2004's SP2 and not updated to SP3, which debuted two years ago.
Microsoft will officially retire Windows XP SP2 on July 13. After that date, although it will continue to provide security updates for XP SP3, it will stop issuing patches for the older SP2.
"I would expect that come August, SP2 will be getting hard and harder to defend," said Kandek, referring to the lack of security updates. "I expect to see reliable exploits of unpatched vulnerabilities three or four months later."
Companies have stepped up their efforts to migrate machines to XP SP3 in the last 11 months -- the rate of adoption of the newest service pack during that period was roughly double that of SP3's first 14 months of availability -- but even now, just weeks before SP2 will slide off support, half of the Windows XP systems still run the older edition, according to Qualys.
"I think this simply flew under the radar of most IT professionals," said Kandek, talking about the July retirement of XP SP2. "Personally, I didn't know about it until two months ago. I don't think many people were looking at the [retirement] messages Microsoft was putting out."
Microsoft started warning customers of XP SP2's looming retirement last February, and has been repeating that warning every month in its Microsoft Security Response Center (MSRC) blog on Patch Tuesday, the regularly-scheduled second-Tuesday-of-the-month security update release day. But not every user reads the MSRC blog.
Windows XP SP3 will exit all support in April 2014; to receive vulnerability fixes, users must update to that service pack by July.
By Qualys' numbers, Windows XP accounts for approximately 80% of all enterprise PCs, a considerably higher share than estimated by Web metrics companies such as NetApplications, which pegged XP's share in April at 63.4%. NetApplications, however, calculates usage share globally -- Qualys' is predominantly U.S. -- and factors in consumers as well as businesses.
Microsoft has made some minor concessions on Windows XP SP2 support. Last month, it said it would take calls from customers running outdated service packs, such as SP2. Previously, it turned those people away.
Instead, Microsoft's support staff will answer questions about old service packs, fill out support tickets and provide what the company's head of support called "limited troubleshooting."
The new support for obsolete service packs isn't free, however. Companies or customers without an in-place Microsoft support plan will be billed on a per-incident rate. A consumer contacting Microsoft support via chat or e-mail, for example, is charged $49, while telephone-based support costs $59.
Windows XP SP3 can be downloaded from the Microsoft site, or obtained from XP SP2 PCs via the Windows Update service.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.
Windows XP lives
- Microsoft slashes Windows XP custom support prices just days before axing public patches
- Update: IRS misses XP deadline, will spend $30M to upgrade remaining PCs
- Microsoft Patch Tuesday bids adieu to Windows XP
- FAQ: Good-bye old pal, old paint, Windows XP
- Windows XP: The end is nigh
- How to Support Windows XP Now That Microsoft Isn't
- Microsoft sketches out final Windows XP security updates for next week
- Last-minute lazybones dump Windows XP
- Microsoft returns to scare tactic well in dump-XP campaign
- Microsoft tries to tempt XP diehards with $100 discount on new PCs
Read more about Windows in Computerworld's Windows Topic Center.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Logicalis eBook: SAP HANA: The Need for Speed Without timely business insights, organizations today can suffer logistical, manufacturing, and even financial disaster in a matter of minutes
- Neustar 2014 DDoS Attacks and Impact Report For the third consecutive year, Neustar surveyed hundreds of companies on distributed denial of service (DDoS) attacks. The survey reveals evidence that the...
- Acxiom Case Study This case study, which focuses on Acxiom, explores how the company was able to secure employee data, reduce migration costs and boost productivity...
- Windows® XP Migration: Protect and Secure Critical Data With the end of the Microsoft Windows XP operating system's lifecycle on April 8, 2014, businesses are faced with the decision to migrate...
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
- Building Tomorrow's Infrastructure Listen to this podcast to discover how Crider Foods worked with PC Connection to update their IT infrastructure, while maintaining compliance and control. All Windows White Papers | Webcasts