Hundreds of millions of computers around the globe are still operating on Windows 10, even after the operating system officially reached its end-of-support deadline. For those managing these machines, the transition to Windows 11 may not yet be feasible. However, there is a silver lining: an Extended Security Updates (ESU) subscription is available. Consumers can access these updates free of charge until October 2026, providing a crucial buffer against potential security threats.
Security Risks of Unpatched Systems
Procrastination is not an option. Historical data indicates that cybercriminals actively look for unpatched systems and exploit the vulnerabilities that go unfixed once support ends. The consequences can be dire. Consider the fate of Windows 7, which stopped receiving security updates on January 14, 2020. Microsoft did offer an ESU program for business customers, but the costs were often prohibitive, and obtaining these updates proved challenging for many.
By early 2021, an estimated 100 million PCs continued to run the outdated operating system. This delay in upgrading opened the door for ransomware groups to target these vulnerable systems. Networks such as Digital Shadows, LockBit, Conti, and Vice Society were quick to capitalize on the situation, launching sophisticated attacks that exploited newly discovered vulnerabilities.
Among the most notorious incidents was the PrintNightmare security flaw, disclosed in July 2021. This vulnerability wreaked havoc globally, prompting Microsoft to issue a rare patch for Windows 7, despite the end of support having occurred 18 months prior. Similarly, the WannaCry outbreak in 2017 targeted a vast number of Windows XP machines still in use, leading Europol to label it “the largest ransomware attack observed in history.” In both cases, Microsoft responded with emergency patches, but many other vulnerabilities remained unaddressed, leaving organizations exposed to potential breaches.
The Future of Windows 10 Security
As Windows 10 users ponder their next steps, the question arises: how likely are they to experience a large-scale attack similar to those that have plagued earlier versions? Predicting such events is inherently difficult. Attacks often occur unexpectedly, as attackers discover ways to exploit unpatched flaws. These incidents can involve multiple minor vulnerabilities that, when chained together, result in a significant exploit.
Each month, Microsoft releases a comprehensive list of security fixes as part of its Patch Tuesday updates. This list includes a rating of each flaw’s exploitability. For instance, in November 2025, shortly after the end of Windows 10 support, a Windows Kernel vulnerability (CVE-2025-62215) was identified, with the bulletin indicating that successful exploitation could grant SYSTEM privileges. Alarmingly, this vulnerability was categorized as “Exploitation Detected.” The December updates revealed another vulnerability under the same classification.
While both vulnerabilities currently require local access for exploitation, history suggests that it is only a matter of time before remote attacks become a reality. When that day arrives, operating an unpatched, unsupported version of Windows could lead to severe consequences.