Computerworld - Barring an unforeseen patch in the next four weeks, users running Windows XP Service Pack 2 have seen their last security update for Internet Explorer.
Although Microsoft has told Windows XP SP2 users several times this year that it will retire the 2004 operating system on July 13, users may not realize that they will also not receive any Internet Explorer security updates after that date.
Microsoft confirmed that users running Windows XP SP2 will receive no IE6, IE7 or IE8 patches after July 13. The company said there is no mechanism for offering IE-only patches to people using Windows XP SP2.
"Customers will need to install [Windows] XP SP3 in order to leverage the extended support (which includes security updates), which will run through April 2014," a Microsoft spokeswoman said in an e-mail reply to questions. "There is no differentiation for XP SP2 customers running IE."
The practice of linking browser patches to operating systems' support life cycles is a long-standing Microsoft policy.
However, it means that users still relying on Windows XP SP2 will be at risk for exploits of any IE vulnerability that Microsoft patches after July 13. According to data from Qualys, about half of all enterprise PCs running Windows XP were still using SP2 as of late last month.
Unless Microsoft releases an emergency IE update in the next 31 days or deviates from its habit of issuing browser updates on alternate months, XP SP2 users have received their last IE patch. Microsoft fixed six IE flaws June 8 during this month's Patch Tuesday. The next IE fix probably won't appear until Aug. 10, after XP SP2 drops out of support.
Microsoft could deliver an "out of band" patch before July 13 if an IE vulnerability popped up and the company hustled to craft and release a fix. However, there are no open Microsoft-issued IE security advisories. A bug disclosed last week that can be exploited via IE -- or any other browser -- is not in IE, but in a Windows help component.
To continue to receive IE security updates, users must upgrade to Windows XP SP3, shift to a newer edition of Windows or manually download the browser updates from Microsoft's site. The latter, however, is not supported: Microsoft links IE updates to specific operating system editions, and there is no guarantee that one labeled for XP SP3 will work with the older service pack.
Alternatively, users can stop using Internet Explorer and turn instead to a rival browser, such as Mozilla's Firefox, Google's Chrome or Opera Software's Opera.
Microsoft intends to support Windows XP SP3 until mid-April 2014.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at 
@gkeizer or subscribe to Gregg's RSS feed 
. His e-mail address is gkeizer@ix.netcom.com.
Read more about Browsers in Computerworld's Browsers Topic Center.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
