In a troubling turn of events, previously addressed vulnerabilities in Windows are resurfacing, posing significant risks to users. As if on cue, a new warning has emerged for approximately 400 million individuals, urging them to take immediate action to safeguard their PCs and personal data from potential threats.
Advocacy for Extended Support
The public interest advocacy group, PIRG, is actively campaigning for Microsoft to broaden the Windows 10 support extension currently available to educational institutions, extending it to all users. They caution, “In one year, Microsoft plans to end support for Windows 10,” a move that could render up to 400 million computers obsolete almost overnight. This decision threatens to trigger an unprecedented wave of discarded computers, with serious implications for both consumers and the environment.
While schools have received a reprieve from Microsoft ahead of the October 2025 end-of-life deadline for Windows 10, PIRG highlights the urgency of the situation. “Windows 10 expires in one year,” they state, emphasizing the potential for millions of PCs to be junked. The advocacy group is pushing for similar support arrangements for home users, ideally at minimal or no cost.
Under Microsoft’s new policy, educational institutions can maintain the security of their Windows 10 computers for an additional three years by paying a nominal fee— per computer for the first year, for the second, and for the third. This pricing structure is significantly more affordable than the extended support options available to enterprises. While consumers may also have the opportunity to purchase extended support, specific pricing details remain undisclosed. PIRG continues to advocate for an automatic extension of essential security updates for Windows 10.
Environmental and Security Concerns
The looming issue of electronic waste is compounded by a more pressing security landscape. Owners of the 400 million potentially obsolete PCs, along with an additional 500 million capable of upgrading to Windows 11 but yet to do so, have received two critical warnings that underscore the urgency of their situation.
The first warning pertains to a serious “downdate” threat that was initially revealed in August. Although Microsoft addressed two vulnerabilities following security researcher Alon Leviev’s findings, one significant issue remains unpatched. Leviev has cautioned that the “Windows Update takeover,” reported to Microsoft, has not been resolved, as it did not cross a defined security boundary.
This presents a grey area, as exploitation necessitates physical, administrative-level access to a device. “Microsoft did fix every vulnerability that resulted from crossing a defined security boundary,” Leviev explained to Dark Reading. “Crossing from administrator to the kernel is not considered a security boundary, and hence it was not fixed.”
Nevertheless, it is prudent to maintain support as vulnerabilities are patched, especially given the recent emergence of a Windows Theme vulnerability now classified as a zero-day threat. Despite a recent patch (CVE-2024-38030) issued by Microsoft, the risk remains partially unmitigated, according to Cybersecurity News.
The specifics of these vulnerabilities are less critical than the broader issue: the reliance of hundreds of millions on automated support, which is set to abruptly cease in a year. The Windows ecosystem appears ill-prepared for such a transition.
The Countdown Clock
PIRG emphasizes that “The one-year countdown clock is ticking,” and has launched a petition to urge Microsoft to extend support. “While Microsoft is celebrating their earnings, the company should decide to lead the technology industry to support longer-lasting products. Automatically extending Windows 10 could prevent the largest surge of junked computers and assist the tech giant in achieving its ambitious sustainability goals.”
While these sustainability objectives are commendable, the urgency of the security imperative cannot be overstated. The countdown clock represents a looming crisis for Windows users globally. With the current state of confusion, it is inevitable that threat actors will seek to exploit newly emerging vulnerabilities, underscoring the need for immediate action and clarity from Microsoft.