Computerworld

Bugs remain as Windows XP SP2, Server 2000 cut loose

SP3 upgrades might be hard

Unpatched Microsoft Windows XP Service Pack 2 and Windows Server 2000 bugs will remain forever after the Redmond giant cut support today.

The news comes four years after support was dumped for XP SP1, and it will be another four before the company drops support for the XP title completely.

Metasploit creator, HD Moore, noted on Twitter that Microsoft had cut Windows XP SP2 support four years after fixing a flaw he reported in 2006.

“Awesome,” Moore wrote, adding he could not reveal the flaw.

Microsoft has long called for users to upgrade to the latest service packs and stay abreast of Patch Tuesday updates.

But penetration testing firm HackLabs director, Chris Gatford, said SP2 would remain in use in some production environments and where migrating applications to SP3 is difficult.

“Difficult software won’t be upgraded to SP3,” Gatford said. “Modern software complexities means SP2 will remain.”

The termination comes weeks after Swiss Google engineer, Tavis Ormandy, found a critical vulnerability in Windows XP's Help and Support Center and published an exploit five days later.

The vulnerability allows hackers to run malicious code on a victim's computer, which was developed .

Sophos senior technical consultant, Graham Cluley, dubbed the move “utterly irresponsible.”

Microsoft will provide Windows 2000 self-help online support for a year after the extended support phase ends.

Microsoft patched five security holes in its security update yesterday, including the Windows Help and Support Center flaw.