Windows 10 Support Ends: What Happens to 40% Still Using It?

Windows 10 reaches the end of support today (14 October 2025), leaving millions of machines without security updates. Data from TeamViewer shows that over 40% of global endpoints still run the operating system, based on an analysis of 250 million anonymised connections between July and September 2025.

Microsoft will no longer provide routine security fixes unless devices are enrolled in Extended Security Updates (ESU), a paid programme that starts at around US$61 per device for the first year and increases annually. The European Economic Area has secured one year of free ESU for consumers following pressure from customer advocacy groups, but this does not extend to UK users or businesses.

Matt Balderstone, Cybersecurity Advisor at CyberArk, says organisations cannot afford complacency. “Once Windows 10 reaches end-of-life, the absence of security updates will leave millions of machines exposed to future vulnerabilities that will never be patched, creating the prime conditions for attackers to exploit legacy systems,” he says.

The transition to Windows 11 has been complicated by hardware requirements rather than previous upgrades which only involved a software update. “The end of Windows 10 support shouldn't come as a surprise, yet many organisations remain unprepared,” says Dave Adamson, Solutions Director at Creative ITC. “Every day of delay increases risk and makes the transition harder.”

CyberArk warns of repeat WannaCry scenario

In 2017, the EternalBlue exploit targeted systems at end-of-life or lacking patches. Two months after Microsoft issued a patch, the WannaCry ransomware attack spread globally within hours, bringing NHS services in the UK to a standstill and causing the cancellation of over 19,000 appointments and operations.

“We can’t bury our heads in the sand as we've seen a similar scenario play out before,” Matt says. “Taking into account the pace of digital transformation since 2017, we could see an EternalBlue-style vulnerability emerge again – only this time, it’ll be on an even greater scale, considering the interconnected cloud environments of today.”

Matt says even one unpatched endpoint could compromise entire networks. “Even one unpatched endpoint could serve as an ‘Achilles heel’ that cripples an entire network, increasing the likelihood of credential theft, session hijacking or lateral movement across hybrid or multi-cloud environments.”

Jan Bee, Chief Information Security Officer at TeamViewer, says the timeline matters. “Companies and individuals need to upgrade to a newer, supported operating system as soon as possible. Keeping your systems up to date is one of the most effective ways to protect individuals and businesses against cybersecurity threats.”

Avast highlights scam risks for Windows 10 users

Luis Corrons, Security Evangelist at Avast, warns that the end of support creates opportunities for scammers as well as hackers. “End of support is not the end of the world, but it is the end of free safety nets,” he says. “Attackers know that, which is why unpatched Windows and driver bugs become long-lived entry points. It is also an opportunity for scammers. People may see fake pop-ups, upgrade offers or even get phone calls pretending to be from Microsoft.”

Beyond the security threat, organisations face compliance and operational problems. Dave says organisations need to treat this as more than an IT problem. “This isn’t an IT upgrade issue. It’s a business continuity issue,” he says. “Firms should be auditing devices, addressing compatibility gaps and planning refreshes. For some, that may mean replacing hardware; for others, it's an opportunity to explore more flexible infrastructure models.”

For organisations with devices that cannot meet Windows 11 hardware requirements, the options include hardware refresh or alternative infrastructure models such as virtual desktops. Some vendors, including TeamViewer, have developed tools to check compatibility requirements including processor generation, Trusted Platform Module configuration and Secure Boot settings.

“In an era of unprecedented cyber risk, with new cyberattacks targeting businesses every day, one Windows 10 machine is now too many,” Matt says. “It’s crucial that consumers and businesses work to update their systems by the deadline to avoid exposing their operations to security risks.”