Summary
ngCERT is aware of Microsoft Corporation’s announcement of the End-of-Support (EOS) for Windows 10 on October 14, 2025. After this date, Microsoft will no longer provide security updates, technical support, or bug fixes for the Windows 10 operating system (OS). This advisory highlight the security risks associated with the continued use of Windows 10 post-EOS and provides mitigation strategies for organizations and individuals.
Description & Consequence
Microsoft follows a lifecycle policy for its products, after which extended support is discontinued. Windows 10, a widely used OS in both enterprise and consumer environments, will reach its end of support in October 2025. Post-EOS, the OS will no longer receive:
- Security patches for newly discovered vulnerabilities.
- Technical assistance from Microsoft.
- Bug fixes or performance improvements.
This discontinuation poses significant cybersecurity risks, as unpatched systems will be vulnerable to exploits targeting newly discovered flaws.
- Increased Vulnerability to Cyberattacks as attackers may exploit unpatched security flaws, leading to malware infections, ransomware, and data breaches. Legacy systems running Windows 10 may become prime targets for cybercriminals.
- Loss of Productivity & Business Disruption: System crashes, compatibility issues with newer software, and lack of vendor support may disrupt operations.
- Higher Long-Term Costs as maintaining outdated systems may require costly custom support agreements or emergency migration efforts.
- Non-Compliance with Regulatory Standards.
Solution
The following should be considered:
- Upgrade to Windows 11 or a supported OS: Ensure hardware compatibility and migrate to Windows 11 or another supported OS before EOS.
- Develop a Migration Plan: Inventory all Windows 10 devices and prioritize upgrades based on criticality. Ensure to test applications for compatibility before migration.
- Consider Extended Security Updates (ESUs): If migration is delayed, enroll in Microsoft’s Extended Security Update (ESU) program (paid) for critical patches (limited duration)
- Implement Strong Security Controls: Deploy Endpoint Detection & Response (EDR) solutions, Enforce network segmentation to isolate legacy systems while also applying strict firewall rules and application whitelisting.
- Switch to a Supported Alternative such as Linux-based OS
- Enhance Security Posture by using reputable antivirus/anti-malware solutions, as well as enabling multi-factor authentication (MFA) and regular backups.
Reference
Revision
