CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Microsoft to end support for Windows 10 on October 14, 2025

First reported
Last updated
2 unique sources, 5 articles

Summary

Hide ▲

Microsoft has ended support for Windows 10 on October 14, 2025. This includes all editions of Windows 10 2015 LTSB and Windows 10 IoT Enterprise LTSB 2015. After this date, no further security updates, bug fixes, or technical assistance will be provided. Users must upgrade to Windows 11 or enroll in the Extended Security Updates (ESU) program to continue receiving support. A significant proportion of individual users and organizations still run the Windows 10 operating system, raising significant cybersecurity concerns. Over 40% of global endpoints still run Windows 10, and 26% of UK Windows 10 users do not plan to upgrade. The UK's National Cyber Security Centre (NCSC) has urged customers to upgrade before October 11, 2025, highlighting past exploits of unpatched legacy systems. Experts warn of increased targeting of Windows 10 flaws post end-of-life date. The end of support affects Windows 10 Home, Pro, Enterprise, Education, and IoT Enterprise editions. Microsoft advises users to migrate to Windows 11 or use the ESU program, which offers one year of extended support for a fee. Alternatively, users can switch to Long-Term Servicing Channel (LTSC) releases for specialized devices. Microsoft will allow individual customers in the European Economic Area (EEA) to enroll in the ESU program for free if they use a Microsoft account to enroll and log in to Windows. Microsoft patched a Windows Agere Modem Driver elevation of privileges vulnerability tracked as CVE-2025-24990 in the October 2025 Patch Tuesday updates, which was actively exploited in attacks to gain administrative privileges on devices. Windows 10 devices accessing Windows 365 Enterprise Cloud PCs and Windows 365 Frontline Cloud PCs can receive free enrollment into the ESU program. Windows 11 market share started to decline after surpassing Windows 10 in July 2025. Windows 7 market share increased to nearly 10% in September 2025. Unpatched vulnerabilities were the second-most common initial attack vector used against managed service providers (MSPs) in the first half of 2025.

Timeline

  1. 09.10.2025 11:00 3 articles · 1mo ago

    Extended Security Updates (ESU) for personal devices will run from October 15, 2025, to October 13, 2026

    Windows 10 ESU support for personal devices will run from October 15, 2025, to October 13, 2026. The article provides detailed steps for consumers to enroll in the ESU program, including options to pay a fee, use Microsoft reward points, or back up Windows settings to a Microsoft account. It also emphasizes the importance of enrolling in the ESU program to mitigate the increased risk of attacks on unpatched Windows 10 systems. The article also mentions the findings of the Acronis Cyberthreats Report, H1 2025, which identified unpatched vulnerabilities as the second-most common initial attack vector used against MSPs.

    Show sources
    Open in new tab
  2. 13.09.2025 19:20 5 articles · 2mo ago

    Microsoft to end support for Windows 10 on October 14, 2025

    Microsoft has officially ended support for Windows 10 on October 14, 2025. Users are urged to upgrade to Windows 11 or enroll in the Extended Security Updates (ESU) program to continue receiving security updates. The ESU program is available for a fee, with special provisions for users in the European Economic Area (EEA). The article highlights the importance of enrolling in the ESU program to protect against newly discovered security vulnerabilities and mentions that Windows 10 devices accessing Windows 365 Cloud PCs can receive free enrollment into the ESU program. Additionally, the article discusses the challenges and options for users migrating from Windows 10 to Windows 11, including the decline in Windows 11 market share after surpassing Windows 10 in July 2025 and the unexpected increase in Windows 7 market share.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 183 flaws

Microsoft's October 2025 Patch Tuesday marks the end of free security updates for Windows 10, with the release of the final cumulative update KB5066791. This update addresses 183 vulnerabilities, including six zero-day flaws, and is mandatory for all Windows 10 users. Extended Security Updates (ESU) are available for purchase for up to three years for enterprise users and one year for consumers. The patches cover a range of vulnerabilities, including critical remote code execution and elevation of privilege issues. The zero-day vulnerabilities affect various components, such as Windows SMB Server, Microsoft SQL Server, Windows Agere Modem Driver, Windows Remote Access Connection Manager, AMD EPYC processors, and TCG TPM 2.0. Some of these flaws have been publicly disclosed or actively exploited. The update also includes fixes for vulnerabilities in third-party components, such as IGEL OS and AMD EPYC processors. Additionally, Microsoft Office users should be aware of CVE-2025-59227 and CVE-2025-59234, which exploit the Preview Pane. The update is the largest on record for Microsoft, with 183 CVEs, pushing the number of unique vulnerabilities released so far this year to more than 1,021. The update includes fixes for a wide range of vulnerabilities, including remote code execution (RCE), elevation of privilege, data theft, denial of service (DoS), and security feature bypass issues. The update also marks the end of life for Windows 10, meaning Microsoft will no longer issue regular patches for vulnerabilities in the operating system as part of its regular Patch Tuesday updates. Exchange Server 2016, Exchange Server 2019, Skype for Business 2016, Windows 11 IoT Enterprise Version 22H2, and Outlook 2016 are also reaching end-of-life. Windows 10 users can opt for Extended Security Updates (ESU) for one year at a cost of $30, or install Linux as an alternative. Linux Mint is recommended for Windows 10 users transitioning to Linux, with compatibility for most computers from the last decade. The October 2025 Windows security updates cause smart card authentication and certificate issues across all Windows 10, Windows 11, and Windows Server releases. The issue is due to a security fix designed to address a security feature bypass vulnerability (CVE-2024-30098) in the Windows Cryptographic Services. Affected users may experience various symptoms, including the inability to sign documents, failures in applications using certificate-based authentication, and smart cards not being recognized as CSP providers in 32-bit apps. The issue can be detected by the presence of Event ID 624 in the System event logs for the Smart Card Service prior to installing the October 2025 Windows security update. The fix is enabled by setting the DisableCapiOverrideForRSA registry key value to 1 to isolate cryptographic operations from the Smart Card implementation. Users experiencing authentication problems can manually resolve the issue by disabling the DisableCapiOverrideForRSA registry key. The DisableCapiOverrideForRSA registry key will be removed in April 2026, and users are advised to work with their application vendors to resolve the underlying problem. Microsoft also fixed another known issue breaking IIS websites and HTTP/2 localhost (127.0.0.1) connections after installing recent Windows security updates. Microsoft has released out-of-band (OOB) security updates for a critical-severity Windows Server Update Service (WSUS) vulnerability (CVE-2025-59287) with publicly available proof-of-concept exploit code. The vulnerability can be exploited remotely in low-complexity attacks that do not require user interaction, allowing threat actors without privileges to target vulnerable systems and run malicious code with SYSTEM privileges. Microsoft has released security updates for all impacted Windows Server versions, including Windows Server 2025, Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, and Windows Server 2012. Workarounds for admins who can't immediately install these emergency patches include disabling the WSUS Server Role or blocking all inbound traffic to Ports 8530 and 8531 on the host firewall. The OOB update supersedes all previous updates for affected versions, and users are advised to install it as soon as possible.

Open in new tab

Legacy Operating Systems in Enterprise Networks

A recent analysis by runZero found that 8.56% of assets in enterprise networks are running end-of-life operating systems, with 5% of all observed assets already beyond security support as of September 30, 2025. This includes critical systems that cannot be upgraded due to compatibility issues. The upcoming end-of-life of Windows 10 on October 14, 2025, will significantly expand the attack surface, as one-third of all Windows systems worldwide are still running Windows 10. This situation poses a significant risk, as attackers can exploit vulnerabilities in these outdated systems, which will no longer receive security updates. Organizations need to be aware of the presence of these legacy systems and assess their security posture accordingly.

Open in new tab

Windows 11 2025 Update (25H2) Released with Enhanced Security Features

Microsoft has released Windows 11 2025 Update (25H2), a minor update that enhances security features and support lifecycles. The update is being rolled out gradually and includes improvements in vulnerability detection and AI-assisted secure coding. The update is available through enablement packages for users on Windows 11 24H2, and as a full OS swap for users on Windows 11 23H2. It removes PowerShell 2.0 and WMIC, and introduces Wi-Fi 7 for enterprises. The support lifecycle for Windows 11 25H2 has been reset, extending support for Enterprise and Education editions to 36 months, and for Pro editions to 24 months. Consumer support ends in October 2027.

Open in new tab

Microsoft to provide free Windows 10 security updates in EEA

Microsoft will offer free extended security updates for Windows 10 in the European Economic Area (EEA). The decision follows pressure from Euroconsumers, a consumer protection organization, and aims to ensure compliance with the Digital Markets Act (DMA). The updates will be available without requiring users to back up settings, apps, or credentials, or use Microsoft Rewards. Windows 10 support is set to end on October 14, 2025.

Open in new tab

Steam to end support for 32-bit Windows in January 2026

Valve has announced that Steam will stop supporting 32-bit versions of Windows starting January 2026. This change affects a small fraction of users, as only 0.01% of Steam users are on 32-bit systems. The move is necessary because core Steam features rely on system drivers and libraries not supported on 32-bit Windows. Users are urged to upgrade to 64-bit versions of Windows to maintain compatibility and receive updates. Existing Steam installations on 32-bit systems will continue to function but will not receive further updates, including security patches. Microsoft has also announced that all versions of Windows 10 will reach end of support on October 14, 2025, with options for users to upgrade to Windows 11 or enroll in the Extended Security Updates (ESU) program.

Open in new tab