So long XP SP2, it was good to know you

Written by John P Mello Jr on July 20, 2010

It was heralded as a game changer when it was released nearly six years ago, but now it’s being let out to pasture without a path back to the barn. It’s Windows XP Service Pack 2 and last week, Microsoft released the last security patches it’s ever going to release for that version of its operating system.

What made XP SP2 different from other maintenance releases from Microsoft was it added new features to the operating system and wasn’t just an amalgam of all the fixes and patches that came before it. What’s more, many of those new features beefed up the security of the OS in a way that profoundly influenced the modus operandi of the Black Hat community.

Among the security features added to XP by SP2 were a local firewall that was on by default, a security-status dashboard and nascent moves at using Data Execution Prevention (DEP) to block attacks. DEP works like this: Windows marks certain regions of a program’s memory as holding data only, and if it sees an application trying to run code from one of those regions, as injected attack code typically does, it will shut the application down.

Measures like those are why SP2 is given credit for forcing cyber bandits away from operating system and network-targeted attacks and toward desktop applications like Microsoft Office and Adobe Reader.

In its day, the SP2 firewall feature was a particular favorite of network administrators. It gave them the power to manage local firewalls. Prior to SP2, local firewalls had to be obtained from third-party vendors, and they were difficult to manage. That discouraged installation of the firewalls on local machines, which left them sitting ducks for malware once it breached an organization’s perimeter defenses.

Now that SP2 won’t be patched again no matter how severe the vulnerability uncovered, no matter what part of Windows may be involved, it is wise for SP2 shops to move to SP3, which Microsoft has pledged to support until at least April 2014. Should organizations start moving to SP3, it would be a major migration. It’s estimated that some 77 percent of organizations are still operating under XP and of those still using XP, 10 percent or more are using SP2.

It should be noted that Microsoft’s cutting its umbilical to SP2 affects not just a machine’s operating system but other components of the service pack as well, such as Windows Media Player and Outlook Express.

For shops resistant to deserting SP2, there are some steps that can be taken to maintain a secure environment. One of them is to practice safe computing, something that should be done whether running SP2 or anything else. That means keeping anti-virus software up to date and firewalls turned on, as well as avoiding websites that you’re not sure are safe.

Another step is to keep your third-party applications up to date. You can’t do anything about Microsoft making SP2 an orphan, but that may be less of an issue for you in the future as the service pack has done a good job of discouraging attacks on its code and inducing cyber huns to look at other areas to pillage, most notably non-Microsoft programs like Adobe Reader. Attacks on that program alone, for example, increased 65 percent from quarter one this year compared to the same period last year.

Admittedly, upgrading third-party apps isn’t as easy as keeping Microsoft programs up to date. Most don’t have a nice automatic system like Windows Update to keep them current, but the effort will be worth it.

It also might be time to dump Internet Explorer. If you’re using SP2, you won’t be getting any security patches any more for versions 6, 7 and 8 of Microsoft’s much maligned Web browser. On the other hand, other browser makers won’t be deserting you if you use their software. Apple, Mozilla, Google and Opera won’t be ignoring XP for some time. Firefox, in fact, will even run with Windows 2000, which was also patched for the last time by Microsoft last week.

Keep in mind that if you use Mozilla, it supports the previous version of Firefox with security updates for at least six months after the introduction of a new edition of its browser. So when Firefox 4 is rolled out in November, you’ll have security updates for the current release of the product until May of next year and maybe beyond.

Finally, although Microsoft may have given up on you, you shouldn’t give up on Microsoft. You still should check the bulletins the company publishes each “Patch Tuesday.” They sometimes contain valuable information on “workarounds” to secure a system when a patch can’t be installed. The same is true for the security advisories Microsoft issues from time to time.


One Comment to “So long XP SP2, it was good to know you”

  1. terrence ayam Says:

    It’s strange that I’m reading this article with a tinge of nostalgia. Being a relatively young IT professional, it only recently dawned on me how much of my time I’ve spent logging hours on SP2, and XP in general. I’m familiar with other OSs of course, but after making the recent switch to 7 on my home PCs and office work stations, I realize that it is indeed an end of an era. Here’s to you SP2, for all the good times and the bad.
