Windows 10 reaching EOL Status

On October 14, 2025, Windows 10 enters End of Life (EOL) status, meaning Microsoft will stop providing both feature updates and critical security patches for Windows 10 devices. Vulnerabilities on Windows 10 after this date will not be remedied by the usual security updates, subject to limited exceptions.

The last time that a popular Windows operating system (Windows 7) reached EOL was in 2020. That year was notable for a surge in the number of cyberattacks (many of which were severe and not all publicly disclosed), as cyber criminals exploited unpatched vulnerabilities and continued to do so every year the affected systems remained unpatched. Windows 10 appears to hold an even greater market share than Windows 7 did when it reached EOL, indicating that there may be even greater interest and opportunity for cyber criminals to attack organizations that do not update their systems.

Organizations need to proactively prepare for this significant change. Inaction could pose a risk of becoming the target of cyber criminals seeking to exploit unpatched vulnerabilities. Organizations also need to be aware of the same exposures arising through third parties (such as vendors). Failing to protect business-critical systems from the exploitation of unpatched vulnerabilities might result in significant business interruptions and/or financial losses.
 
Recommended Steps

  1. Review: It is important to review your environments to verify that all instances of Windows 10 are accounted for. Ongoing audits (conducted at least annually) will also reduce the risk of inadvertent exposure to vulnerabilities due to continued use of Windows 10 systems.
  2. Plan: Many organizations may already have plans in place to migrate their systems or use an exception listed below to manage their risks. For those that are not actively planning for this change, we recommend initiating reviews and implementing plans to ensure changes can be made well before the EOL date.
  3. Action: Ensure that your organization has taken action to manage risks associated with Windows 10 entering EOL status. The main options include:
  • Migrating to Windows 11: This operating system (OS) has numerous similarities with Windows 10, and it will likely absorb the majority of Windows 10's market share.
    • It cannot be assumed that all software will function exactly the same on both Windows 10 and 11. As new features and capabilities are introduced to Windows 11, the dissimilarities between these two operating systems will likely increase. Organizations should test legacy Windows software prior to deployment on Windows 11 systems.
  • Purchasing extended support: Organizations that purchase extended support updates from Microsoft can receive security updates for an additional year.
    • The cost of extended support doubles every year, and extended support is only available for a maximum of 3 years.
    • Ensure that all devices are accounted for and are actively managed if extended support is purchased.
  • Using Windows 10 Enterprise LTSC: Long Term Servicing Channel (LTSC) editions will continue receiving security updates. These editions are specifically designed for systems where stability is crucial and regular consumer features aren't needed (such as specialized systems connected to medical or manufacturing devices).
    • LTSC isn't ideal for many businesses because it lacks newer features that might improve the productivity of employees.
    • Business software vendors could stop supporting Windows 10 entirely after October 2025, potentially causing application performance issues or (indirectly) security issues.
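
The review and action steps above can be checked against an asset inventory export. The following is an added example, not part of the original article: it sorts each host into one of the article's options and flags Windows 10 devices that have stopped checking in. The CSV column names, the `esu_enrolled` field, the host names and the 90-day staleness threshold are all assumptions for illustration.

```python
import csv
import io
from datetime import date

EOL_DATE = date(2025, 10, 14)  # Windows 10 end-of-life date stated in the article

# Constructed sample export; the column names are assumptions, not a real tool's schema.
SAMPLE_INVENTORY = """hostname,os_name,edition,esu_enrolled,last_seen
FIN-LT-014,Windows 10,Pro,no,2025-09-30
HR-LT-002,Windows 11,Enterprise,no,2025-10-01
LAB-PC-07,Windows 10,Enterprise LTSC,no,2025-09-28
OPS-WS-21,Windows 10,Enterprise,yes,2025-10-02
WH-KIOSK-3,Windows 10,Home,no,2024-11-15
"""


def classify(row):
    """Map one inventory row to the article's risk-management options."""
    if not row["os_name"].strip().lower().startswith("windows 10"):
        return "not-windows-10"
    if "ltsc" in row["edition"].lower():
        return "ltsc"              # LTSC editions keep receiving security updates
    if row["esu_enrolled"].strip().lower() == "yes":
        return "extended-support"  # covered, but must stay actively managed
    return "unmanaged-eol"         # no patches after EOL: migrate or enroll


def triage(csv_text, as_of, stale_days=90):
    """Group hosts by status; list Windows 10 hosts not seen within stale_days."""
    report = {"not-windows-10": [], "ltsc": [], "extended-support": [],
              "unmanaged-eol": [], "stale": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        status = classify(row)
        report[status].append(row["hostname"])
        age_days = (as_of - date.fromisoformat(row["last_seen"])).days
        # A Windows 10 device that no longer reports in is not "accounted for".
        if status != "not-windows-10" and age_days > stale_days:
            report["stale"].append(row["hostname"])
    return report


if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY, as_of=EOL_DATE).items():
        print(f"{status:17} {', '.join(hosts) or '-'}")
```

Hosts in `unmanaged-eol` are the ones that need a migration or extended-support decision; hosts in `stale` need to be physically located or confirmed retired before the audit is considered complete.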

Further Assistance
 
There is still time before the end of Windows 10 support, and organizations can act to effectively manage their risks. 
 
For further information, please contact QBE's Global Cyber Services team.
