Still on Windows 10? The security risks of running it after end of support

Windows 10 reached end of support on October 14, 2025. What's dangerous about keeping it (unfixable holes pile up, EOL machines get targeted), what the paid/free ESU extension does and doesn't cover, and your real options — upgrade to Windows 11, replace the hardware, or move to Linux — laid out honestly.

Published 2026-06-12 Updated 2026-06-12 8 min read

For: anyone still running a Windows 10 PC, wondering "I heard support ended — is it OK to just keep using it? There's some extension option too, right?" Here's the honest answer. No attack steps — just what the risk actually is, and how to move safely.

This site's view: antivirus doesn't fill the gap

"I've got security software, so I'm fine" is a common belief — and a mistaken one. Antivirus watches for suspicious files and behavior; it cannot patch holes in the OS itself (kernel, drivers, network handling). OS patches are the main line of defense and AV is only a supplement. The moment OS fixes stop, the lowest layer of your defenses develops a gap. "Stack whatever you like on top — if the foundation has a hole, it collapses." That's the essential danger of an out-of-support OS.

What ended, and when

  1. 2025-10-14

    Windows 10 end of support. Free security updates stopped here. From this point, a Windows 10 PC not enrolled in ESU gets no fixes for new vulnerabilities.
  2. through 2026-10-13

    The consumer ESU (Extended Security Updates) coverage window. Enroll, and you receive Critical/Important security fixes only, until this date. One year of life support.
  3. 2026-10-14 onward

    Consumer ESU ends too. Beyond this, there's no paid life-support route left for consumers — updates stop completely.

Why it's dangerous to keep using it

"It still runs, and nothing has happened so far" — that feeling is the trap. The danger doesn't arrive as a "break"; it arrives as holes quietly piling up.

  • never: found holes never get patched (forever-day)
  • pile up: known entry points grow every month
  • abandoned: browsers and apps drop Win10 support
  • targeted: EOL machines are 'targets known not to be fixed'

Concretely, here's what happens.

  1. Unfixable holes pile up (forever-days)

    A vulnerability found after end of support is, unless you're on ESU, never fixed. A published "unlockable entrance" stays open — and more appear, month after month. The worst case is a remote-takeover class hole (RCE) left unpatched indefinitely.
  2. Attackers prioritize EOL machines

    An OS that "is known not to get fixed" is an efficient target. History shows it: out-of-support, unpatched Windows machines were torched by mass ransomware (WannaCry and others). New holes concentrate on the unprotected EOL fleet.
  3. Surrounding software abandons it in stages

    Once the OS is EOL, browsers, security products, and apps drop Windows 10 support one by one (Chrome/Edge linger for a while, but not forever). Old crypto and TLS get left behind too, and the range you can use safely keeps shrinking.
  4. Antivirus can't protect the main line

    AV can't patch OS holes (see above). With patches stopped, the OS update that should be your last line no longer works. For work use, you also fail "must run a supported OS" requirements in compliance regimes and cyber-insurance.

What the extension (consumer ESU) really is

ESU (Extended Security Updates) is being opened to consumers for the first time. But it's a "security-only, one-year stopgap, not a solution." No feature updates, no bug fixes, no general support — only Critical/Important security fixes arrive.

Included: Critical / Important security fixes
Not included: feature updates, bug fixes, general support
Deadline: through October 13, 2026 (one year for consumers)

Even 'extend Windows 10' means different things. ESU is patch-only updates, and only through October 2026.

There are three consumer enrollment routes, and some are free.

  1. Free: turn on Windows Backup

    Sync your settings to a Microsoft account (Windows Backup), and you can enroll in ESU at no extra cost. A Microsoft account is required.
  2. Free: redeem Microsoft Rewards points

    Enroll in exchange for 1,000 Microsoft Rewards points. If you have points, no cash changes hands.
  3. Paid: a one-time ~$30

    If neither applies, enroll with a one-time payment of about $30 USD (regional equivalents apply).

The 'free first year' doesn't apply everywhere

After pressure from consumer-protection bodies, users in the EEA (European Economic Area) get the first year of ESU entirely free. But many regions — including Japan — are not in the EEA, so that exception doesn't apply; those users choose from the three routes above (Windows Backup / Rewards points / ~$30). Note that enterprise ESU runs up to three years, but its price roughly doubles each year — it, too, isn't a "use it forever" mechanism.

So how should you move?

The defenses are the mirror image of the risks. The key is to buy time with ESU and finish migrating within that window.

Do nothing, keep using it

  • unfixable holes keep piling up (forever-days)
  • it becomes a favored target as an EOL machine
  • surrounding software drops off, shrinking the safe zone
  • for work, you fail insurance / compliance requirements

Migrate (with ESU as a bridge)

  • Windows 11 means patches arrive again — the foundation is back
  • even on unsupported hardware, ESU secures time to migrate
  • old machines can be safely extended on Linux
  • migration becomes a planned task with a deadline

  1. First, check whether you can move to Windows 11

    If your hardware qualifies (TPM 2.0, a supported CPU, etc.), you can upgrade for free. This is the safest option, and it costs nothing. The PC Health Check and Settings will tell you whether you're eligible.
  2. If the hardware won't qualify, enroll in ESU first to buy time

    Enroll via the effectively-free "settings sync (Windows Backup)" route to secure breathing room through October 2026, then turn replacement/migration into a concrete plan. The goal is to get Tier 3 (updates and patches) of the baseline checklist working again.
  3. If you just want to keep old hardware alive, Linux is an option

    If you only want to keep using the machine without buying new, switching to a lightweight Linux (like Mint) lets you live on safely on an OS that still gets updates. For limited uses, it's a realistic answer.
  4. Put interim guards in place until you've migrated

    In the meantime: don't do daily work as an administrator, keep your browser current, and do important things like online banking on a separate, updated device. You can't seal the holes, but you can cut down the moments where you'd step on one.
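
To see where a given PC stands before choosing among the steps above, here is a read-only PowerShell check, added as an example and not part of the original article. The function name and output field names are made up for illustration; it does not test CPU support, so PC Health Check remains the authority on Windows 11 eligibility.

```powershell
# Added example: read-only report, changes nothing on the machine.
$EndOfSupport = [datetime]'2025-10-14'   # Windows 10 end of support (date from the article)
$EsuEnd       = [datetime]'2026-10-13'   # consumer ESU coverage ends (date from the article)

function Get-EolStatus {   # hypothetical helper name
    $os      = Get-CimInstance -ClassName Win32_OperatingSystem
    $build   = [int]$os.BuildNumber
    $isWin11 = $build -ge 22000          # Windows 11 builds start at 22000

    # The TPM WMI class is only readable from an elevated session.
    $id       = [Security.Principal.WindowsIdentity]::GetCurrent()
    $elevated = ([Security.Principal.WindowsPrincipal]$id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    $tpmState = 'unknown (re-run in an elevated PowerShell window)'
    if ($elevated) {
        $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm -ErrorAction SilentlyContinue
        # SpecVersion looks like "2.0, 0, 1.38"; the first field is the TPM version.
        $tpmState = if (-not $tpm) { 'no TPM found' }
                    elseif ($tpm.SpecVersion -like '2.0*') { 'TPM 2.0' }
                    else { "older TPM ($($tpm.SpecVersion))" }
    }

    # Newest update that Get-HotFix lists with a usable install date.
    $last = Get-HotFix | Where-Object InstalledOn |
            Sort-Object InstalledOn -Descending | Select-Object -First 1
    $today = (Get-Date).Date

    [pscustomobject]@{
        OS                    = $os.Caption
        Build                 = $build
        OnWindows11           = $isWin11
        # Builds below 22000 are Windows 10 or older.
        PastWin10EndOfSupport = (-not $isWin11) -and ($today -ge $EndOfSupport)
        Tpm                   = $tpmState
        LastUpdateInstalled   = if ($last) { $last.InstalledOn.Date } else { $null }
        DaysSinceLastUpdate   = if ($last) { ($today - $last.InstalledOn.Date).Days } else { $null }
        DaysUntilEsuEnds      = [math]::Max(0, ($EsuEnd - $today).Days)
    }
}

Get-EolStatus | Format-List
```

A DaysSinceLastUpdate value that keeps growing on a Windows 10 machine means fixes are no longer arriving, and DaysUntilEsuEnds is the time left to finish migrating.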

How this site thinks about it

On handling out-of-support environments, this site applies the same principle laid out in "the practice of vulnerability response" — an end-of-life machine gets isolated before it gets removed. If you genuinely must keep an old Windows 10 box around, the worst thing is to use it as your everyday main machine, permanently connected to the internet. Conversely, isolating it — taking it off the network, narrowing its purpose, keeping no important data on it — thins out the attacker's path to it entirely. If you can't seal the holes, shrink the reach to them. That's the only safe way to coexist with an out-of-support OS. And the real goal remains: move to an OS that still gets updates before the ESU window closes.

FAQ

Q: Has Windows 10 support actually ended?

A: Yes. Windows 10 reached end of support on October 14, 2025 — free security updates stopped there. From then on, a Windows 10 PC that isn't enrolled in ESU (Extended Security Updates) receives no fixes for newly discovered vulnerabilities.

Q: If I enroll in ESU, can I keep using it safely forever?

A: No. Consumer ESU only runs through October 13, 2026, and it delivers Critical/Important security fixes only — no feature updates, no bug fixes, no general support. It's a bridge to buy time; the real fix is upgrading to Windows 11 or replacing the hardware.

Q: Isn't antivirus enough to cover an out-of-support OS?

A: No. Antivirus can't patch holes in the OS itself (kernel, drivers, the network stack). OS security patches are the main line of defense and AV is only a supplement. Once the OS stops getting fixes, the foundation of your defenses has a gap that no AV can fill.