Full Report
Microsoft has officially ended support for Windows 10, affecting hundreds of millions of users worldwide. This decision comes nearly a decade after the operating system's initial release and signals the end of free security updates, bug fixes, and technical support for the platform.

The termination of support leaves all Windows 10 devices exposed to security threats. Without regular updates, these systems become easy targets for cybercriminals, particularly given the OS's extensive user base. It has been well documented that hackers often exploit systems that are no longer patched, turning outdated software into a high-value target for malware and ransomware campaigns.

## A Flood of Vulnerabilities for Windows 10

The Cyber Express found that thousands of known vulnerabilities have already been logged in public databases such as ExploitDB. Among the most concerning flaws identified in Windows 10 are:

- CVE-2025-29824: A “use after free” issue in the Common Log File System Driver, with a CVSS score of 7.8, actively used in ransomware attacks.
- CVE-2025-29809: Insecure storage in Windows Kerberos allows local bypass of security features.
- CVE-2025-24997: A null pointer dereference in the Windows Kernel Memory with a denial-of-service vector.
- CVE-2025-24993: A heap-based buffer overflow in NTFS, marked as “known exploited,” with a high EPSS score of 2.19%.
- CVE-2025-24984: Sensitive data leakage via NTFS log files, also flagged as exploited, with the highest EPSS score noted — 13.87%.

Many of these vulnerabilities allow attackers to escalate privileges, run unauthorized code, or even compromise networks remotely. Several have already been added to the CISA Known Exploited Vulnerabilities (KEV) catalog.

## The Windows 11 Upgrade Dilemma

Microsoft recommends that users upgrade to Windows 11, which remains under active support and offers improved security features. However, not all PCs are eligible for the upgrade due to stringent hardware requirements. A Forbes report highlights that around 200 million devices worldwide still running Windows 10 do not meet the technical specifications needed for a free upgrade to Windows 11.

## What Are the Options for Windows 10 Users?

For users unable or unwilling to upgrade, Microsoft outlines a few paths forward:

- Upgrade to Windows 11: This is the most secure option, provided the device meets system requirements. Eligible users can check via Settings > Update & Security > Windows Update to see if the upgrade is available.
- Purchase a New Windows 11 PC: Users with older, incompatible systems may need to invest in new hardware that supports Windows 11 out of the box.
- Extended Security Updates (ESU): A paid subscription plan is available for those who need more time before transitioning. The ESU program offers critical security patches for one additional year but comes with a cost that may not be viable for many consumers.
- Continue Using Windows 10 (Unsupported): PCs running Windows 10 will still function, but without updates, they are increasingly susceptible to threats. Microsoft advises backing up data regularly and using extreme caution if choosing this route.

## Office Support Is Also Affected

The end of support doesn't just apply to the operating system. As of the same date:

- Office 2016 and Office 2019 are no longer supported on any OS.
- Office 2021, Office 2024, and LTSC versions will still run on Windows 10, but without support or updates.

Users are encouraged to migrate to Microsoft 365 or move these licenses to a supported Windows 11 machine. Support for Office 2021 and Office LTSC 2021 will end in October 2026.

## Data Backup Is Critical

Regardless of whether users upgrade, enroll in ESU, or continue using unsupported devices, backing up data is crucial. Transitioning to a new operating system or continuing with Windows 10 without security patches increases the risk of system failure and data loss.

Additionally, Microsoft advises users to securely wipe hard drives using built-in tools before recycling, reselling, or donating old devices. Trade-in and recycling programs are available via Microsoft and participating PC manufacturers.

The end of Windows 10 support introduces serious challenges for millions of PC users globally. Those unable to shift to Windows 11 are left with limited options: a costly ESU program or running an unsafe system. Given the rising number of exploits and the growing cybersecurity threat landscape, users must act promptly, whether through upgrades, data backup, or transitioning to new hardware.

Analysis Summary
This article primarily discusses the end-of-support lifecycle for Windows 10 and associated Microsoft Office products, which creates widespread *unpatched* risk rather than detailing a specific, newly disclosed vulnerability with a CVE. Therefore, most sections related to CVEs, specific severity, and exploitation status will reflect the general risks associated with running unsupported software.
# Vulnerability: End of Support for Windows 10 & Unpatched Risk
## CVE Details
- CVE ID: N/A (This is an End-of-Life announcement, not a specific vulnerability CVE.)
- CVSS Score: N/A
- CWE: N/A
## Affected Systems
- Products: Windows 10 (All editions reaching end of support)
- Versions: Windows 10 versions reaching the end of free support (General availability support ended October 14, 2025, though ESU details vary by edition).
- Configurations: Any device running unsupported Windows 10 or Office installations without enrolling in the Extended Security Updates (ESU) program.
## Vulnerability Description
The primary security concern described is the cessation of official security updates and patches from Microsoft for Windows 10 and certain Office versions. This leaves systems vulnerable to all future disclosed and zero-day exploits that target components within the operating system or bundled software, significantly increasing the attack surface.
## Exploitation
- Status: **Exploited in the wild** (Implied, as all newly discovered vulnerabilities affecting the exposed OS will not be patched for unsupported systems.)
- Complexity: Varies (Depends on the exploit targeting the now-unpatched code paths.)
- Attack Vector: Varies (Network, Local, etc., depending on the underlying unpatched flaws.)
## Impact
- Confidentiality: **High** (Unpatched systems are susceptible to remote data theft.)
- Integrity: **High** (Unpatched systems are susceptible to modification or tampering.)
- Availability: **High** (Unpatched systems are susceptible to denial-of-service attacks or ransomware.)
## Remediation
### Patches
- **Official Free Support Ended:** No further free security patches are being issued for standard Windows 10 installations.
- **Extended Security Updates (ESU):** Users must purchase and enroll in the paid ESU program to continue receiving critical security updates for up to three additional years. (The specific patching cadence under ESU is vendor-dependent and is not covered in this summary.)
- **Recommended Patch:** Upgrade to a currently supported OS, such as Windows 11.
### Workarounds
- Securely wipe hard drives before recycling, reselling, or donating old devices.
- Migrate Office licenses to Microsoft 365 or move them to a supported operating system (e.g., Windows 11).
## Detection
- **Indicators of compromise:** Standard indicators for compromise on any Windows system, including unusual network activity, unauthorized file access, or unexpected processes, should be treated with higher suspicion on unsupported devices.
- **Detection methods and tools:** Utilize Endpoint Detection and Response (EDR) tools, but be aware that the fundamental risk remains that the OS kernel may lack defenses against exploits targeting previously unknown security flaws. Continuous network monitoring is critical.