Sticking to its guns, Microsoft has confirmed that it is indeed pulling the plug on support for Windows XP SP2 tomorrow. Perhaps that will provide the much-needed kick in the rear for organizations that have steadfastly refused to upgrade to SP3 -- and evidently, quite a few companies fall into that category.
According to Wolgang Kandek, the CTO of IT security company Qualys, only half of all Windows XP installations have upgraded to SP3 since it was released in April 2008. Until the holdouts make the upgrade, they won't benefit from security updates and patches, meaning their systems may be less secure and less stable.
[ Also on InfoWorld.com: Microsoft releases Windows 7 SP1 beta for IT | Get all the details you need on deploying and using Windows 7 in the InfoWorld editors' 21-page Windows 7 Deep Dive PDF special report. | Stay up with Windows news and analysis with our Technology: Windows newsletter. ]
"Even with a significant increase in the upgrade ratio, up from the 20 percent and 30 percent achieved in 2008 and 2009 respectively, we are still over a year away from having all machines migrated, threatening to leave many machines exposed to exploits for the vulnerabilities that we expect in the second half of 2010," Kandek writes.
Frankly, all those organizations that that are clinging to SP2 really have no excuse not to move to SP3. The upgrade is free, and as noted, it's been around for more than two years (whereas SP2 has been around since 2004). There's some wisdom in exercising discretion before adopting a major OS upgrade, certainly; SP2 had its share of flaws when it first came out, though Microsoft got it right eventually. Additionally, SP3 had critical bugs early on, but at this point, SP3 is sufficiently stable and will certainly be the more secure alternative to SP2 after tomorrow when Microsoft stops updating the latter.