As the first Patch Tuesday approaches following the end of support for Windows 10, users who continue to operate this version of the operating system are encouraged to enroll in the Extended Security Updates (ESU) program. This initiative is crucial for safeguarding against newly identified security vulnerabilities.
Windows 10 officially reached its end of support on October 14, 2025. This milestone means that Microsoft will cease to provide technical assistance, feature updates, or security updates for the operating system, except for those utilizing a Windows LTSC version.
For individuals unable to transition to Windows 11—whether due to personal preference, outdated hardware, or incompatible applications—Microsoft offers the ESU program. This program allows continued access to security updates for a limited duration.
For consumers wishing to obtain extended security updates for an additional year, the process is straightforward:
- Pay a fee of .
- Backup your Windows settings to your Microsoft account.
- Redeem 1,000 Microsoft reward points.
Regardless of the chosen method, users must log in to a Microsoft account associated with the ESU license.
In the European Economic Area, consumers have a slightly more flexible option. They can receive ESU for free simply by logging into Windows 10 with a Microsoft account, or they can opt to pay to continue using a local account.
Enterprise customers have the opportunity to utilize the ESU program for a total of three years, with the cumulative cost per device amounting to 7.
Given the accessibility of Windows 10 extended security updates—either free or at a nominal cost—it is advisable for anyone still using Windows 10 to enroll in the program to ensure ongoing protection.
Microsoft frequently addresses security vulnerabilities that are actively exploited, which can compromise Windows 10 security warnings and facilitate the installation of malware. For instance, in the October 2025 Patch Tuesday updates, Microsoft addressed a vulnerability in the Windows Agere Modem Driver, tracked as CVE-2025-24990. This flaw was exploited in attacks aimed at gaining administrative privileges on devices.
While details regarding the exploitation remain undisclosed, it is conceivable that malware or threat actors with remote access could have leveraged this vulnerability. With new vulnerabilities being reported and resolved each month, securing timely updates is paramount, making enrollment in the ESU program a prudent choice.
Getting Windows 10 ESU for consumers
To qualify for the Windows 10 Extended Security Updates (ESU) program, users must be operating Windows 10, version 22H2 Home, Professional, Pro Education, or Workstations edition. It is also essential to ensure that all available updates are installed via Windows Update, as a recent bug has caused incorrect end-of-support warnings on some Windows 10 systems.
Once all updates are current, users can enroll in ESU by navigating to Settings > Update & Security, followed by clicking on Windows Update. A message should appear indicating that “Your version of Windows has reached the end of support.”
Source: BleepingComputer
If the window is fully expanded, users should click on the “Enroll now” option found under the “Enroll in Extended Security Updates to help keep your device secure” section in the sidebar. If the Windows Update window is minimized, scrolling down will reveal this option.
Source: BleepingComputer
Upon entering the Enroll in Extended Security Updates wizard, users will be presented with information about the ESU program. Clicking the Next button will advance to the subsequent screen.
Source: BleepingComputer
The next screen outlines options for receiving the Extended Security updates. If using a Microsoft Account, Windows 10 typically backs up settings by default unless this feature has been disabled. Users who have enabled backups will be informed that they can receive Extended Security updates at no cost.
If backups are not enabled, various enrollment options will be presented, including enabling backups, using reward points, or paying the fee. It is worth noting that users can activate Windows backup at any time to qualify for free ESU updates by navigating to Settings > Accounts > Windows Backup and toggling the first option under “Remember my preferences.”
Once the backup is confirmed, users can proceed by clicking the Enroll button. Alternatively, if opting for a paid method, the next screen will prompt users to either redeem reward points or enter credit card information to finalize the purchase.
Source: BleepingComputer
Regardless of the enrollment method—whether free, redeemed, or purchased—users will receive confirmation that their device is enrolled in the Windows 10 ESU program until October 13, 2026. Microsoft will also recommend backing up the device using the Windows Backup program, although this step is optional.
Source: BleepingComputer
Users can conclude the enrollment process by clicking the Done button. The successful enrollment will be reflected in Windows Update.
Source: BleepingComputer
Windows 10 ESU in the enterprise
This discussion does not delve into the complexities of enrolling business devices in the Extended Security Update (ESU) program, as the process is notably more intricate. For organizations, acquiring licenses through Microsoft Volume Licensing or Cloud Solution Provider partners is necessary. Each device must then be activated with a unique ESU key and managed using tools such as Intune, WSUS, or Configuration Manager.
For further insights on enrolling Windows 10 devices into ESU within an enterprise context, reviewing the relevant Microsoft support article is advisable.
Additionally, Microsoft recently announced that Windows 10 devices accessing Windows 365 Enterprise Cloud PCs and Windows 365 Frontline Cloud PCs can also benefit from free enrollment in the ESU program.
For those interested in modern patch management solutions, BleepingComputer will host a webinar next month titled “Winning the 2026 vulnerability race: Closing the gap between detection and remediation.” This session will focus on patch management in the enterprise, encompassing Windows and other applications.
