Microsoft is set to end support for Windows 10, leaving millions of devices without security updates and patches.

From mid-October, updates and security fixes will no longer be provided for Windows 10 devices unless they are enrolled in the Extended Security Updates (ESU) programme. This change is expected to impact a significant number of consumers and organisations, as nearly half of all Windows PCs are still operating on Windows 10.

The transition to Windows 11 has been slowed by new hardware requirements, meaning many older devices cannot upgrade. This situation leaves many consumers and businesses at continued risk unless they take additional measures.

Security concerns

Luis Corrons, Security Evangelist at Avast, outlined the security implications of this move and offered guidance for users facing the end of support.

“End of support is not the end of the world, but it is the end of free safety nets. Attackers know that, which is why unpatched Windows and driver bugs become long-lived entry points. It is also an opportunity for scammers. People may see fake pop-ups, upgrade offers or even get phone calls pretending to be from Microsoft.”

With the discontinuation of standard updates, no new features will be issued for Windows 10, and security fixes will only be available to those enrolled in ESU. Without these patches, vulnerabilities in the operating system and device drivers are likely to become permanent, leaving them as potential entry points for attackers.

These security gaps can allow unauthorised access to devices, exposing files, personal data, and passwords. Attackers could also use compromised devices to conduct further attacks. In addition, new peripherals or applications are more likely to experience compatibility issues on unsupported machines.

Guidance for consumers

Avast has issued specific recommendations for consumers whose devices will be affected. The primary advice is:

  • If eligible, upgrade to Windows 11.
  • If upgrading is not possible and users must stay with Windows 10, they should enrol in the ESU programme. In the EU and EEA, this service is available free for consumers for the first year; elsewhere, both consumers and businesses have paid options.

For those continuing to use Windows 10, several measures can improve security. These include keeping browsers and third-party applications up to date, removing the SMB1 protocol, using a reputable security suite that maintains Windows 10 support, utilising a non-administrator account, enabling multi-factor authentication, and maintaining offline backups.
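
As an added example (not code from Avast or Microsoft), the following read-only PowerShell audit checks the measures above that can be verified on the machine itself: whether it still runs Windows 10, whether SMB1 is installed or accepted by the file server, and which accounts are local administrators. The function name `Get-HostAuditReport` is hypothetical and the script assumes an elevated PowerShell prompt; browser and application updates, multi-factor authentication and backups need to be checked separately.

```powershell
# Added example: read-only audit of a Windows 10 host. Changes nothing on the system.
# Get-HostAuditReport is a hypothetical name; run from an elevated PowerShell prompt.
function Get-HostAuditReport {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # SMB1 as an installed optional feature (client and server components).
    try {
        $smb1Feature = (Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop).State
    } catch {
        $smb1Feature = 'Unknown'
    }

    # SMB1 as a dialect the local file server still accepts.
    try {
        $smb1Server = (Get-SmbServerConfiguration -ErrorAction Stop).EnableSMB1Protocol
    } catch {
        $smb1Server = 'Unknown'
    }

    # Members of the built-in Administrators group (well-known SID S-1-5-32-544).
    # The everyday account should not appear in this list.
    try {
        $admins = (Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop).Name
    } catch {
        $admins = @('Unknown')
    }

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        OS                  = $os.Caption
        Build               = $os.BuildNumber
        IsWindows10         = $os.Caption -like '*Windows 10*'
        Smb1FeatureState    = "$smb1Feature"
        Smb1ServerEnabled   = $smb1Server
        LocalAdministrators = $admins -join '; '
    }
}

$report = Get-HostAuditReport
$report | Format-List

# Point at the removal command only when SMB1 is actually present.
if ($report.Smb1FeatureState -eq 'Enabled' -or $report.Smb1ServerEnabled -eq $true) {
    Write-Warning 'SMB1 is still present. Remove it with: Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart'
}
```

A result of `Unknown` means the check could not run, typically because the prompt is not elevated, and should not be read as a pass.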

Advice for businesses

Businesses have additional responsibilities to protect networks and sensitive information. Recommendations from Avast include:

  • Running an inventory of Windows 10 endpoints.
  • Segmenting networks.
  • Restricting macros and unsigned drivers.
  • Turning on application allow-listing.
  • Planning hardware refresh cycles for machines that cannot be upgraded.
  • Budgeting for multi-year ESU subscriptions as required.

The cost of ESU for businesses starts at approximately USD $61 per device for the first year and increases annually thereafter.

Risk of scams

There is a heightened risk of scams preying on users during this transitional period. Corrons highlighted the tactics scammers may use:

“People may see fake pop-ups, upgrade offers or even get phone calls pretending to be from Microsoft.”

Users are cautioned that if their device is eligible for an upgrade, the official notification will come directly from Microsoft. Any unsolicited calls or pop-ups regarding upgrading should be treated with suspicion and not acted upon.

With the October deadline approaching, users and organisations are urged to review their security arrangements and take recommended precautions to minimise risks associated with unsupported operating systems.