Win10 End-of-Life has Major Security Implications

John Lister's picture

With less than a year to go, Microsoft is sticking to its vow to stop supporting Windows 10. Analysts remain unconvinced given it remains the most used version of Windows. Officially, October 14, 2025 will be the end of life date for the system. Although it will still work, Microsoft will no longer offer security updates for Windows as standard. Instead, users will have the option to pay for extended security support. (Source: microsoft.com)

10 Year Life Cycle

In principle, this is perfectly normal. Next year is 10 years after Windows 10 was first released, and that's the normal lifecycle for Windows editions. However, this case has some big changes. One was that Windows 10 was not initially expected to have a distinct successor but rather to simply continue developing over time with regular updates. Windows 11's emergence six years later was something of a surprise.

Another is that the barrier to upgrading is more severe than with previous new versions of Windows. Commonly, the vast majority of Windows computers could run a new version because the only changes to the minimum specifications were a small increase in RAM or hard drive space.

Most PCs dated 2017 or older won't be able to run Windows 11. That's because PCs need specific processors and a hardware security feature called TPM (trusted platform module). That has left many people with a perfectly functional computer that has the power to run Windows 11, but cannot do so because of the new, seemingly arbitrary, Microsoft requirements.

As a result, roughly two thirds of Windows PCs are running Windows 10 as of September, 2024. Some owners may be leaving it late to upgrade, but many may have concluded their only option is to buy a new PC and that they aren't willing to do so given the arguably limited improvements in Windows 11. (Source: arstechnica.com)

Security at Stake

That creates a chicken-and-egg situation we haven't seen since the days of Windows Vista, where many users decided to use Windows XP way, way, way past its end of life date.

As we've mentioned many times on our website, using an out-of-date operating system (which is no longer supported by security updates by the developer) is incredibly dangerous. In many cases, a firewall will not stop an operating system zero day exploit. All that is needed is to have the system connected to the Internet to have it become infected.

Related: WinXP Lasts 10 Minutes Before Becoming Infected

If Microsoft extends the Windows 10 end of life, there will be less incentive to get Windows 11. But if it does stop security updates, there's a serious risk that hackers will be able to exploit unpatched vulnerabilities in literally hundreds of millions of computers.

What's Your Opinion?

Do you think Microsoft's decision to end support for Windows 10 is justified given the high number of users still reliant on it? How might this impact users who are unable to upgrade to Windows 11 due to hardware limitations? Should Microsoft reconsider its approach to ensure security for a broader range of users?

Rate this article: 
Average: 4.9 (12 votes)

Comments

DLStoehner's picture

do you remember when Microsoft told the world that Windows 10 was going to be the last Windows version? There was just going to be a service pack type of update to keep Windows 10 going.

olds97_lss's picture

I have 5 computers I'd have to replace to upgrade to windows 11. 3 in my house and a couple for the inlaws. To replace them, I'd have to spend right at $5K and unknown hours of re-installing/remembering what I have running on them that I need and setting them up on my network.

From what I read, MS will offer security patches if you pay... so, going to see what that costs.

I just checked in MS's site and see that it's Oct 2025... and rereading your post, I also see 2025. For some reason, I thought it was 2024.

Phew! One more year of procrastinating and saving up!

edhead_14862's picture

I think I heard that these updates were going to cost around $60-70 per PC for year one, then the cost doubled after that, for a maximum of three years. I guess they plan to completely stop offering the updates after year three. So in your case that would be $300 year one, $600 year two, and $1200 year three. Thats half the estimate that you provided. I say bite the bullet. It's no fun, I had to do the same two years back for two PC's and a laptop, but I didn't purchase them all at once, rather opting to stretch the cost over 18 months. ;-)

olds97_lss's picture

I saw the $60 thing also, but that was for commercial/corporate with the fee for home consumer user not listed yet.

edhead_14862's picture

No kidding, I hadn't read about that. That changes everything, because for Windows 7/8 they ONLY did it for enterprises, but I had thought I'd heard they were opening it up to consumers for Win10.

olds97_lss's picture

If you go here:
https://www.microsoft.com/en-us/windows/end-of-support

Select Windows 10, then scroll down to the FAQ section, it just says this:

What is the Windows 10 Extended Security Updates (ESU) program?

ESU is a paid program that will entitle enrolled PCs to receive Critical and Important security updates after support for Windows 10 ends. The program will provide Critical and Important security updates but will not provide other types of updates or technical support. Final pricing and enrollment conditions will be made available closer to the October 2025 date for end of support.

edhead_14862's picture

Nice.

ehowland's picture

If 100% of what you do is on webpages, and or you are retired (say parents) a chromebo0x might be enough. You can also convert old hardware using Chrome "FLEX" (have not done this myself yet). Then of course there is Linux. If you really need specific Windows programs or some compatibility (say office) or work from home a 2018+ PC might be needed. BUT if you have a 21017 (or older) PC chances are you don't work from home and or are very basic in your needs. Moved my mom (who is in her late 70s) to a Chromebook 5 years ago (from a crapple laptop) and it has been great, zero support.

ehowland's picture

If 100% of what you do is on webpages, and or you are retired (say parents) a chromebo0x might be enough. You can also convert old hardware using Chrome "FLEX" (have not done this myself yet). Then of course there is Linux. If you really need specific Windows programs or some compatibility (say office) or work from home a 2018+ PC might be needed. BUT if you have a 21017 (or older) PC chances are you don't work from home and or are very basic in your needs. Moved my mom (who is in her late 70s) to a Chromebook 5 years ago (from a crapple laptop) and it has been great, zero support.

ronangel1's picture

This is a multi million dollar upgrade.Out there some bright person is probably working out a way to supply third party security upgrades to win 10 This could also be an antivirus supplier that has the infrastructure already in place to do this already.Microsoft are shooting themselves in the foot with this greed, big mistake!

ehowland's picture

You are totally right on greed and M$ (microsoft)

If there's a good third party solution, it will be quite popular.

gi7omy_15619's picture

There is a workround for installing W 11 on older machines.

Download an app called 'Rufus' from https://rufus.ie/en/

That converts a .iso file to a USB install Drive and can remove the 4 GB RAM, Secure Boot and TPM 2.0 requirements so 11 can be installed on an older computer.

Dennis Faas's picture

I am not sure this will work with the latest Windows 11 24H2 release.

https://www.tomshardware.com/software/operating-systems/microsoft-patches-tpm-20-bypass-to-prevent-windows-11-installs-on-pcs-with-unsupported-cpus

Even if it did, it is a temporary fix because future updates on Windows 11 may require TPM, which means any security patches, including zero day exploit fixes, won't install.

gi7omy_15619's picture

While that is true, the workround can continue by downloading the 'new' iso from MS (or from https://uupdump.net/ ) and running setup while in the W 11 environment as an 'upgrade'

ehowland's picture

Dennis is totally right! (thanks Dennis). Even my high spec 2017 Dell XPS8920 gaming rig (NVMe, 32GB RAM, i7) which is CURENTLY Windows11, fails! (GPU). I did developer mode (did Alpha testing when it first came out in insider DEV mode), but because it's a 2017 chipset (specs all blown away) it FAILS current guideline (I use excellent free fast tool: WhyNotWin11).

I worked for a small local MSP (I.T. support). I retired but still help covering for vacations, illness etc.

As the primary "tester", I took on the task and personally surveyed hundreds of PCs (took months, did it remotely when PC was on but idle)

Generalized results (this is a huge base of ages and many brands.)

ANY PC launched before 2018 (not sale date) fails (GPU)!

Enterprise PCs (Latitude = Dell, ThinkPad = Lenovo, Probook = HP) depends on model but some as far back as maybe 2015 (depends on how high end it was). 2012 if TPM 1.2 is OK Vs 2.0 TPM.

Retail PCs vary widely, very inexpensive "Walmart" or sale PCs (Having personally fixed many or upgraded to SSD, HP is the worst cheapest design retail brand, their enterprise is good, but retail (staples/Walmart, Target, best buy etc. = RUN). Again this is 15 years of support and hands on.

Many pre 2018 retail PCs do not even have the OPTION for "Secure boot".

Prior to 204ish many retail PCs can't do UEFI (only BIOS). This is a requirement of Windows 11.

My questions for Dennis:
1. If ALL the requirements are met (other than CPU and it has TPM 1.2) is this OK?
2. If ALL the requirements are met (other than CPU and system does not support secure boot) is this OK?

Only two that can be ignored IMO is: CPU and DirectX (video), am I wrong?

Dennis Faas's picture

Windows 11 requirements are:

1. No less than TPM 2.0 (i.e., TPM 1.2 not supported), and

2. The hard drive must use GPT partition scheme and EFI enabled in BIOS

Note that if you change from MBR to GPT and don't change the BIOS to EFI then your system won't boot. I have already covered this scenario in another article as it pertains to virtual machines.

https://www.infopackets.com/news/11419/how-fix-upgrade-win10-vm-11-mbr-gpt-vmware

Always make a disk image backup before you make any changes because the system may not boot and it will be difficult to go back.

bern's picture

If you force the rapid scrapping of 2/3rds of Windows PCs, that is millions of tons of electrical waste. The recycling industry won't cope with it and it'll just go to landfill.

My main machine is a W11 XPS13, but I still have my old I7 Inspiron as a backup. It's got a 1Tb SSD and full memory. It's noticeably slower, but it's still fine for the basic tasks should the XPS fail or get stolen (travel a fair bit), until I can have it fixed, or replaced.

I suppose I'd have to convert it to a Chromebook or Linux and run W10 as a virtual machine. A lot of effort. I'd be happy with just security updates.

I have an AVM.de 3490 Fritz router from 2017 as part of my Mesh with a current more powerful AVM 4060 as the Mech Master. They have said they will not release any more feature updates for the 3490, but will issue security patches if necessary. I accept it will gradually be less use and will eventually have to be replaced, but it will not be a big bang and chances are more will get recycled.