Microsoft Windows XP SP2 Support Ends with Bugs Open
Security Watch
SHARE
Facebook X Pinterest WhatsApp

Microsoft Windows XP SP2 Support Ends with Bugs Open

Written By
Brian Prince
Brian Prince
Jul 14, 2010
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Microsoft is ending support for Windows XP Service Pack 2 today.

For many businesses, this means one thing — if you are still using the nearly 6-year-old version of the operating system, it is time to upgrade.

Not just because Microsoft says so, and not just because organizations still using Windows XP SP2 are not getting the advantage of the security mechanisms added in Windows Vista and Windows 7. There is also another reason: Any bugs left over in SP2 will be left open forever.

HD Moore, creator of the Metasploit Framework and now chief security officer of Rapid7, knows this well.

“I was disappointed to see that a number of privately reported flaws were not patched in this final update to Windows XP SP2,” Moore said. “This effectively leaves XP SP2 unprotected against a number of serious vulnerabilities that will be fixed for SP3 later this year. One of these is an issue I reported to Microsoft in December of 2006, which has a serious impact on most rich-text aware applications.”

While Moore said he is under an NDA (nondisclosure agreement) and cannot talk about the specifics of the bug, he added that he is also aware of a number of flaws reported by friends and associates in XP SP2 that were ignored in the July 13 Patch Tuesday update.

“The problem is that any flaws patched in Windows XP SP3 can now be turned into exploits that work as ‘skeleton keys’ against Windows XP SP2,” he said. “Since Windows XP SP2 was mass-distributed on physical media as part of a huge security push, I expect to continue seeing [SP2] on corporate networks for years to come.”

Admins should take advantage of the relative lightness of this month’s Patch Tuesday to begin upgrading machines to a supported operating system or service pack level, advised Jason Miller, data and security team manager at Shavlik Technologies. Microsoft ended support today for Windows 2000 as well.

“Microsoft will not be supplying new security Bulletins for these operating systems going forward,” Miller said. “It is important for administrators to use this light patch month to identify these systems on their network and upgrade the machines … Unlike patching, deploying new operating systems or service packs can be quite an undertaking as it requires plenty of time and effort.”
Brian Prince
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information