Microsoft Subnet An independent Microsoft community View more

Microsoft kills security updates, support for Windows 2000, XP Service Pack 2

Microsoft warns of “significant” security risk posed by unsupported products

Microsoft will stop supporting Windows 2000 and Windows XP Service Pack 2 next week - on Tuesday, July 13 - meaning that customers have to either upgrade to newer versions of the software or stop receiving security updates.

Microsoft is warning customers that "Unsupported products or service packs pose a significant risk to your computer's security. Therefore, Microsoft advises customers to migrate to the latest supported service pack and/or product prior to the end of support. Our latest products, such as Windows 7 and Windows Server 2008 R2, provide greater security, reliability, environment-friendly features, and a host of other benefits."

The move to end support for Windows 2000 and XP SP 2 is no surprise. Microsoft established the end-of-support date of July 13, 2010 for XP SP2 when it released Service Pack 3 more than two years ago.  

Although Windows 2000 has been around far longer, both Windows 2000 and Windows XP Service Pack 2 will receive essentially the same treatment starting July 13 - no more "security updates or non-security hotfixes."

A Microsoft spokesperson declined to say how many customers still use Windows 2000 and XP SP2, saying "we actually don't break out these numbers."

An analytics site called W3Counter shows Windows 2000 usage at less than one-half of one percent, but says Windows XP (all versions, not just SP2) is used by nearly half of customers.

Just because Microsoft is ending support for these Windows products doesn't mean customers will immediately stop using them. A stubborn contingent of businesses still use Internet Explorer 6 despite Microsoft urging them to update to newer versions.

For Windows 2000, all versions will reach the end of the Extended Support phase next week. This includes "Windows 2000 Server and Windows 2000 Professional (including Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Datacenter Server, Microsoft Windows 2000 Professional Edition, and, Microsoft Windows 2000 Server)," according to Microsoft.

Windows XP already moved from Mainstream Support to the less-comprehensive Extended Support in April 2009. XP Extended Support will continue until April 2014, but after next Tuesday customers must be on Service Pack 3 to receive the support.

Even for products that are still supported, Microsoft occasionally says it is unable to patch existing flaws. Just last month, Microsoft said it could not patch a vulnerability affecting Office XP Service Pack 3 which left users open to remote code executions.

Microsoft did offer an altnerative to a patch called a "fix it solution" in that instance. But in once case last September Microsoft detailed a similarly unpatched flaw in Windows 2000 Service Pack 4 and Windows XP that increased the risk of denial-of-service attacks, but did not offer a solution.

For those looking to upgrade to XP Service Pack 3, Microsoft blogger Erig Ligman offers instructions for determining whether you are on the latest edition and on how to download and update to the new software.

For companies really desperate to stay on 2000 and XP SP2, Microsoft offers a few options. For Windows 2000, some online content may be available to solve common problems, but this wouldn't include any new security updates. Customers of Windows 2000 may be able to purchase custom support, but only if they already have a Premier Support contract and a migration plan in place to upgrade to a supported version.

Windows XP SP2 customers will have access to "limited break/fix troubleshooting," but if any issues require a security update customers "will be asked to upgrade to a supported service pack."

As with Windows 2000, XP SP2 customers with a Premier Support agreement can buy custom support, which includes access to security hotfixes, but Microsoft will only make the custom support available to customers to bridge the support gap "while they migrate to a supported product or service pack."

Follow Jon Brodkin on Twitter.

Insider Shootout: Best security tools for small business
Join the discussion
Be the first to comment on this article. Our Commenting Policies