
Windows 10 EOL: Why 5% of Corporate Workloads Still Run It

Microsoft support for Windows 10 officially ended today. Although this has been in the works for a long time and officially announced at the end of 2024, there are still many businesses running Windows 10 on their endpoints. In fact, we found that 5.25% of all workloads scanned by Mondoo are still running Windows 10. Why is the percentage still so high? What reasons could companies have for not upgrading and what will this mean for their security?

About Windows 10 End of Life (EOL)

  • Released in 2015, Windows 10 was developed primarily for 32-bit (x86) processors. In 2021, it was succeeded by Windows 11, which requires a 64-bit CPU.
  • Support for Windows 10 officially ends on October 14, 2025, and Microsoft will stop issuing free updates (including security patches), bug fixes, and general technical support for the OS. 
  • Even though Windows 10 will still function, it will effectively become a ticking time bomb: any new vulnerabilities discovered post-EOL will go unpatched. Because of this, rest assured that attackers will actively look for Windows 10 systems as entry points into corporate environments.

How to upgrade from Windows 10

Microsoft advises upgrading Windows 10 to Windows 11 if the system is compatible. Compatibility can be checked with the PC Health Check app. If compatible, you can upgrade through Windows Update in Settings or use the Windows 11 Installation Assistant from the Microsoft website.

If the system is not compatible with Windows 11, you can install a Linux OS, such as Linux Mint, as a safe alternative. However, if you *must* still use Windows 10, Microsoft is offering an Extended Security Updates (ESU) program as a temporary bridge, but it is explicitly meant as a stopgap, not a long-term solution. Also, it’s a costly option.

Risks of not upgrading Windows 10

Staying on Windows 10 after its end-of-support date poses significant risks: 

  • Without regular security patches, Windows 10 systems will become vulnerable to malware, ransomware, and other cyberattacks. This effectively makes them ticking time bombs, just waiting to be discovered and exploited by a bad actor.
  • Businesses in regulated industries may fail to meet compliance requirements for data protection, risking fines or loss of contracts.
  • Critical business applications and peripherals may become incompatible over time, leading to operational problems and performance degradation. For instance, Microsoft 365 apps will eventually lose support on Windows 10.

How attackers will be sniffing out Windows 10

If one thing is certain, Windows 10 will be on attackers' target lists, and it won’t be difficult for them to find exposed Windows 10 systems. 

They can use tools like Nmap to send specially crafted network packets to target systems and analyze the responses. Specific differences in how Windows 10 handles these packets, such as its TCP window size, initial sequence numbers, and IP header fields, will reveal their identity to an attacker. Attackers can also determine the OS by analyzing packet characteristics, such as the Time-To-Live (TTL) value and the settings of certain TCP options.

Bad actors also frequently utilize Shodan, a search engine that finds and organizes information on internet-connected devices, including computers, webcams, routers, and the Internet of Things (IoT). Using Shodan, they can continuously scan the internet for devices with open ports and collect information about them. They can use a simple filter such as os:"Windows 10" to find potential targets. As time goes on, more and more Windows 10 vulnerabilities will be discovered, and Windows 10 will soon become ‘the weakest link’ in the environment.

Why aren’t all companies upgrading their Windows 10 systems?

So why are 5.25% of workloads still running Windows 10? Are there also valid reasons not to upgrade yet?

Required hardware upgrades

Many endpoints running Windows 10 do not meet the stricter hardware requirements for Windows 11, such as the mandatory Trusted Platform Module (TPM) 2.0 chip, so hardware needs to be replaced, which could incur significant capital expense. However, rather than simply remaining on Windows 10, there are other options, such as upgrading to a Linux OS.

Legacy applications

Businesses, especially in specialized industries like healthcare, often rely on older, custom-built, or industry-specific software that may not work properly on Windows 11. The risk of breaking a critical business application or losing data during a migration is a major deterrent. This is the most valid reason for postponing upgrades. However, in such instances, extended support is recommended while concurrently prioritizing the update of the relevant software application.

Fear of breaking things

Companies that experienced difficult migrations from Windows 7 to Windows 10 are hesitant to repeat the process, fearing downtime and unexpected issues. The attitude ‘if it works, don’t fix it’ might sound reasonable, but it is a very shortsighted approach given the significant risk of running an outdated and unsupported OS.

How to check if you’re still running Windows 10

The Mondoo platform can help you check if you still have any Windows 10 systems running. Remember that you might *think* that you don’t have any Windows 10 systems, but there may be some cloud assets outside of the IT department’s control (i.e., shadow IT) that could still be running it. Maybe developers spun up a Windows 10 instance in the cloud to test an application and forgot about it. Perhaps there are uninstalled Windows 10 packages that can be exploited. 

Mondoo detects a Windows 10 operating system

Mondoo gives you a clear answer by scanning cloud, on-prem, and endpoints for Windows 10 operating systems and alerts you if they are found. Mondoo will also specify if there are other risk factors found on the machine that increase risk, such as internet exposure, open ports, or if the asset is tagged as high criticality.
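
The audit step can also be run against any inventory export, shown here as an added example that is not Mondoo's code and not part of the original article. Windows 10 and Windows 11 both report version 10.0, so the check relies on the build number (Windows 11 starts at 22000) and on the workstation product type to keep Windows Server builds out of the results. The column names, hostnames, and priority labels are assumptions, and the sample rows are constructed.

```python
import csv
import io
from datetime import date

WIN10_EOL = date(2025, 10, 14)   # end-of-support date given in the article
WIN11_FIRST_BUILD = 22000        # Windows 11 also reports 10.0; its builds start at 22000

# Constructed sample export (hypothetical hosts and column names).
# product_type follows Win32_OperatingSystem.ProductType: 1 = workstation, 2/3 = server roles.
SAMPLE_INVENTORY = """hostname,os_version,product_type,internet_exposed,esu_enrolled
fin-lt-014,10.0.19045,1,no,no
dev-vm-test3,10.0.19044,1,yes,no
hr-lt-201,10.0.22631,1,no,no
lab-pc-07,10.0.19045,1,no,yes
build-srv-02,10.0.17763,3,yes,no
"""

def is_windows10(os_version: str, product_type: str) -> bool:
    """True for client Windows 10: version 10.0, workstation SKU, build below 22000."""
    parts = os_version.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts[:3]):
        return False  # malformed version string: do not guess
    major, minor, build = (int(p) for p in parts[:3])
    return (major, minor) == (10, 0) and product_type.strip() == "1" and build < WIN11_FIRST_BUILD

def audit(csv_text: str, today: date) -> list[dict]:
    """Return the Windows 10 hosts in the export, most urgent first."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if not is_windows10(row["os_version"], row["product_type"]):
            continue
        exposed = row["internet_exposed"].strip().lower() == "yes"
        esu = row["esu_enrolled"].strip().lower() == "yes"
        if today < WIN10_EOL:
            priority = "plan-migration"
        elif esu:
            priority = "stopgap-esu"   # still patched, but only temporarily
        elif exposed:
            priority = "critical"      # unpatched and reachable from the internet
        else:
            priority = "high"          # unpatched, internal only
        findings.append({"hostname": row["hostname"], "priority": priority})
    order = {"critical": 0, "high": 1, "stopgap-esu": 2, "plan-migration": 3}
    return sorted(findings, key=lambda f: (order[f["priority"]], f["hostname"]))

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY, date(2025, 10, 15)):
        print(f'{finding["priority"]:<14} {finding["hostname"]}')
```

Matching on the OS name alone would miss hosts whose inventory record carries a generic caption, and matching on version 10.0 alone would sweep in Windows 11 and Windows Server.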


Conclusion

Now is the time to act. First, if you haven’t done so already, audit your environment and make sure you know about the existence and location of every Windows 10 system. Then, build a migration plan, invest in extended support if necessary, and make upgrading legacy applications (if needed) a priority. The cost of preparation and upgrade will always be far lower than the cost of a data breach, compliance failure, or operational disruption. 

Mondoo can scan your entire environment for any Windows 10 systems and tell you if there are any heightened security risks. Schedule a demo today.

Deborah Galea

Deborah is Director of Product Marketing at Mondoo and leads messaging and positioning, product launches, and sales enablement. She has 20+ years of experience in the cybersecurity industry. Prior to Mondoo, Deborah was Director of Product Marketing at Orca Security and held various marketing positions at other cybersecurity companies. She co-founded email security company Red Earth Software, which was acquired by cybersecurity firm OPSWAT in 2014.
