Cybersecurity

Microsoft is pulling the plug on Windows 10. Here's what you need to know

Microsoft's support for the Windows 10 operating system ended on 14 October.

by Alessia Valentini

Translated by AI

Microsoft's support for the Windows 10 operating system ended on 14 October. This means that after that date, technical support, feature updates and security updates are no longer provided. There are three possible solutions; failing to pursue any of them opens the door to IT security and privacy risks. Doing nothing is the only wrong choice.

Self-Assessment for Informed Decisions

When an operating system reaches end of life, digital adversaries immediately carry out passive web analyses (scans) to check for systems still exposed to old vulnerabilities, with the aim of exploiting them: they count on some organisation not having prepared in time.

Every organisation still using the old operating system should, if it has not already done so, re-evaluate its risks in terms of the number of devices affected, the type of data managed, and the feasibility of adopting one of the solutions, weighing in particular the costs to be faced against the cost of potential damage. The risks may also concern the compatibility of updates with legacy business software and user downtime, which causes loss of productivity. Whatever the business condition, there is no one-size-fits-all choice. Each entity must self-assess in order to proceed consciously and appropriately.

The three solutions

The recommendations coming directly from Microsoft concern three possible choices: upgrade the existing device to Windows 11, provided the device is able to support it (this can be checked in the 'check for updates' section if the automatic notification has not arrived); purchase a new device already equipped with Windows 11 if the old device is not suitable for the new system; or join the paid Extended Security Update (ESU) programme to get support for one year (until 14 October 2026), gaining time to decide on hardware upgrades or replacements.

Potential risks

Almost 60 per cent of companies and 53 per cent of home users still use Windows 10, and as many as 8.5 per cent still use the obsolete Windows 7, whose support from Microsoft ended in 2020 (Source: Kaspersky Study). Not choosing a solution exposes users to significant security and privacy risks, as such operating systems become more vulnerable to digital attacks and can also become incompatible with installed and installable software and their security updates.

If none of the three solutions is applied, companies expose themselves to the risk of falling victim to ransomware (malicious software that causes ransom demands) and malware (generic malicious software) with a 94 per cent probability, as well as data breaches (93 per cent), lack of patching for new security threats (91 per cent), compliance risks (89 per cent) and impact on corporate reputation (88 per cent). The data comes from Panasonic TOUGHBOOK's research 'Navigating the shift: the business case for upgrading to Windows 11', which also highlights the cost aspect: two-thirds of respondents expect to face higher costs overall, with 55 per cent anticipating that these will come in the form of increased IT security expenses. Forty-eight per cent anticipate an increase in support costs, and 46 per cent believe business continuity risks will have spending implications. Increased maintenance costs (40 per cent) and hardware costs (38 per cent) are also crucial factors. A tangible example is Microsoft's estimate of around £320,000 over the three years that ESU is available in the case of a hypothetical company with one thousand devices.

To give a tangible sense of the magnitude of the risk of doing nothing, one only has to look at the data from Microsoft's latest massive update, the Patch Tuesday of 15 October, released just one day after the end of Windows 10 support. The security fixes released addressed 183 vulnerabilities, of which eight were not released by Microsoft. Of the total, 165 vulnerabilities were classified as Important in terms of severity, followed by 17 as Critical and one as Moderate. The vast majority were privilege elevation vulnerabilities (84), with the remainder being remote code execution (33), information disclosure (28), spoofing (14), denial-of-service (11) and security feature bypass (11) vulnerabilities.
