Microsoft will stop releasing security updates, hotfixes and other updates for Windows XP SP2 on July 13th 2010. No biggie, you might think, after all Windows XP SP3 was released way back in April 2008 and since then we've had both Vista (perhaps best forgotten) and the much more palatable Windows 7. Yet despite the death of XP SP2 being absolutely no surprise to IT admins the world over, it would seem that a large number of machines within enterprise networks are still running that very version of the Windows OS.
Qualys reckons we are still more than a year away from all machines migrating away from XP SP2, and this threatens to leave many of them exposed to exploits for the vulnerabilities that you can bank upon being unleashed in the second half of 2010. It's not really such a big concern for home users, of course, as XP SP3 is already being pushed automatically through Windows Update, but in the enterprise such automatic updating just isn't feasible.
DaniWeb asked Qualys CTO Wolfgang Kandek what global security risks the Windows XP SP2 end-of-life creates.
"Starting in August, the risk of using SP2 will grow as more vulnerabilities for Windows XP are uncovered over time. While we do not know the exact dates and the severity of these vulnerabilities, we are certain that after 90 days automated attacks (exploits) will be available. These exploits will give the attacker full control over the infected machine, including access to all information stored on the machine and the capability of using the machine as a jump-off point into other parts of the network. Attackers will use their proven propagation methods: e-mail, instant messaging and infected websites to deliver the exploits to the target machines".
We also asked Wolfgang Kandek what advice he has for those who will still be using XP SP2 come July and want to stay secure.
"We recommend upgrading to SP3, as it will cause the least disruption and have no migration work – no new interface style, same hardware requirements and no compatibility questions. Companies that are advanced in their Windows 7 (or Vista) roll-out are in a position to weigh the risk of temporarily running on SP2 against the probability of having their SP2 machines coming under attack".