A significant proportion of individual users and organizations still run the Windows 10 operating system, just days before it reaches its end-of-life date, raising significant cybersecurity concerns.
On October 14, Windows 10 systems will no longer receive security or feature updates, meaning that any new vulnerabilities will be left unpatched.
Remote desktop provider TeamViewer has revealed that over 40% of global endpoints that recently received support via a TeamViewer session still run Windows 10.
Additionally, a survey by UK consumer champion website Which? found that 26% of UK Windows 10 users do not plan to upgrade their operating system once support ends.
A further 11% of respondents said they were unsure of their plans moving forward.
Windows 10 Deadline a Security Cliff Edge
Microsoft has urged all Windows 10 customers to upgrade to Windows 11 ahead of the deadline.
Similarly, the UK’s National Cyber Security Centre (NCSC) has urged Microsoft customers to upgrade before October 11.
The agency highlighted past cases where cybercriminals exploited unpatched versions of the legacy Windows XP system. This includes the WannaCry ransomware attack in 2017, which severely impacted NHS services in the UK.
Dr Yvonne Bernard, CTO at Hornetsecurity, warned that the switch off for Windows 10 support is a cybersecurity and compliance “cliff edge” for many businesses that continue to use these products.
“Companies that fail to act and continue using outdated Office packages could face the following consequences: the loss of Microsoft technical support, increased vulnerability to malware, higher maintenance costs and even denied cyber insurance claims,” she commented.
Meanwhile, experts believe that attackers will ramp up their targeting of Windows 10 flaws once the end-of-life date passes.
“Sticking with Windows 10 beyond October is like leaving your front door wide open in a bad neighborhood. There will be no more updates, patches, bug fixes or technical support; you are on your own. Any newly uncovered vulnerabilities will now be left open, zero days will be undefendable – it’s open season for attackers,” warned Charaka Goonatilake, CTO at Panaseer.
Microsoft has said that the developments in Windows 11 will help ensure that users always have access to the latest security features and innovations.
How to Start the Upgrade Process Today
For individual Windows 10 customers that have not yet upgraded, the first step is to check to see whether devices are able to meet Windows 11 requirements.
To do so, click the Start button, then go to Settings > Update & Security > Windows Update or use the PC Health Check app to see if your device meets the Windows 11 system requirements.
Current Windows 10 users must meet certain hardware requirements to upgrade. These include Trusted Platform Module (TPM) 2.0, Unified Extensible Firmware Interface (UEFI) and support for Secure Boot.
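The three requirements named above can also be read directly from the device. The following PowerShell function is an added example, not taken from Microsoft or from this article; the function name `Test-Win11Prerequisite` and the output field names are assumptions, and it covers only TPM 2.0, UEFI and Secure Boot support, not the full Windows 11 requirement list.

```powershell
# Added example: reports the TPM 2.0, UEFI and Secure Boot status of the local device.
# Run in an elevated Windows PowerShell 5.1+ session; the TPM and Secure Boot queries need admin rights.
function Test-Win11Prerequisite {
    [CmdletBinding()]
    param()

    $os    = Get-CimInstance -ClassName Win32_OperatingSystem
    $build = [int]$os.BuildNumber   # Windows 11 builds start at 22000

    # Firmware mode: Get-ComputerInfo reports Uefi or Bios.
    $firmware = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType
    $isUefi   = "$firmware" -eq 'Uefi'

    # TPM: SpecVersion looks like "2.0, 0, 1.59"; the first field is the specification family.
    $tpmSpec = $null
    try {
        $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                               -ClassName Win32_Tpm -ErrorAction Stop
        if ($tpm) { $tpmSpec = ($tpm.SpecVersion -split ',')[0].Trim() }
    } catch {
        Write-Verbose "TPM query failed: $($_.Exception.Message)"
    }
    $hasTpm20 = $tpmSpec -eq '2.0'

    # Secure Boot: the cmdlet returns $false when supported but disabled,
    # and throws on legacy BIOS or when the session is not elevated.
    $secureBoot = 'NotSupported'
    try {
        $secureBoot = if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'Enabled' }
                      else { 'SupportedButDisabled' }
    } catch [System.UnauthorizedAccessException] {
        $secureBoot = 'Unknown (session not elevated)'
    } catch {
        Write-Verbose "Secure Boot query failed: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        OS                = $os.Caption
        Build             = $build
        StillPreWindows11 = $build -lt 22000
        Uefi              = $isUefi
        TpmSpec           = $tpmSpec
        Tpm20             = $hasTpm20
        SecureBoot        = $secureBoot
        MeetsNamedPrereqs = $isUefi -and $hasTpm20 -and
                            ($secureBoot -in 'Enabled', 'SupportedButDisabled')
    }
}

Test-Win11Prerequisite
```

Because the function returns an object rather than text, the result can be piped to `Export-Csv` or `ConvertTo-Json` when collecting readiness data from many machines.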
For individual consumers who are unable or unwilling to upgrade by the deadline, Microsoft is offering an Extended Security Update (ESU) program for a one-time fee, providing a way of receiving critical security updates for Windows 10.
ESU support for personal devices will run from October 15, 2025, to October 13, 2026.
At the enterprise level, organizations must first map out how and where Windows 10 is currently in use, by whom and for what purpose.
The next stage is prioritization, ensuring teams focus on upgrading the highest risk systems first, while also identifying where compensatory controls need to be applied.
“Taking this pragmatic, data-driven risk-based approach helps security leaders to make the business case for investments. Organizations can then make informed decisions on what must be upgraded now, what can be protected in the short term, and what level of risk the business is actually willing to accept,” Goonatilake noted.