Firms face security issue as XP SP2 retirement looms

Many organisations will soon face more security risks

Three out of four companies will soon face more security risks because they continue to run the soon-to-be-retired Windows XP Service Pack 2 (SP2), a report claims.

According to Toronto, Canada-based technology provider Softchoice, 77% of the organisations it surveyed are running Windows XP SP2 on 10% or more of their PCs. Nearly 46% of the 280,000 business computers Softchoice analysed rely on the aged operating system.

"This is a red alert," said Dean Williams, services development manager for Softchoice. "This isn't something you can safely ignore, like you might have before."

Williams was referring to the impending end-of-support deadline that Microsoft has set for Windows XP SP2, a service pack that debuted in the fall of 2004. After July 13, Microsoft will stop issuing security updates for SP2, a move that has users scrambling to update to Windows XP SP3, which will be supported until April 2014.

"Windows XP SP2 is deployed in 100% of the companies [surveyed] to some extent," said Williams. "But that doesn't tell the whole story. On average, 36% of the PCs in every organisation run SP2."

Softchoice obtained its data from customers of its IT assessment services, which include asset, hardware lifecycle and licensing management. It analysed 278,000 PCs in 117 US and Canadian organisations in education and the financial, healthcare and manufacturing industries. The firm weighted the number of XP SP2 systems in each polled organisation to arrive at the average usage mark of 36%.

But most companies have work to do, Williams said, citing the 10% threshold of Windows XP SP2 systems. "It's unrealistic to expect them to execute a deployment of Windows 7 in the next three weeks," he said. "But they should determine who is affected and get them updated to Windows XP SP3 immediately."

Windows XP SP3, which Microsoft released in May 2008, is available as a free upgrade to all Windows XP users. Microsoft has promised to support XP SP3 with security updates until April 8, 2014.

Softchoice's data is similar to numbers produced last month by Qualys, which said that approximately half of all enterprise PCs running some version of XP were using SP2.

According to web metrics company Net Applications, 62.5% of all personal computers worldwide ran Windows XP in May. Net Applications has tracked an 11-point drop in XP's usage share in the last 12 months.

Williams expects that number to fall even faster with Windows XP SP2's retirement. "This represents the death knell of XP," he said. "[Windows XP SP3] is only a stay of execution."

Williams urged users and companies still running XP SP2 to update immediately, and said there's little risk in doing so. While enterprises may have put off deploying XP SP2 shortly after it launched in 2004 — in large part because it was a major overhaul of the operating system — XP SP3 is essentially just a collection of already-released fixes and patches.

"There's no compelling reason to delay the move to SP3," Williams said.

Microsoft has been beating the same drum, reminding users on each month's Patch Tuesday of the looming retirement. In April, the company also made minor concessions on Windows XP SP2 support, announcing that it would take calls from customers running outdated service packs, such as SP2. Previously, it turned those people away.
