Consumer Reports has formally asked Microsoft to continue providing free security updates for Windows 10 beyond the October 14, 2025 end-of-support cutoff, warning that the current plan will leave millions of functioning PCs exposed to cyber threats. The consumer advocacy group, in a letter to CEO Satya Nadella, argues that the company’s transition to Windows 11 unfairly forces users into paying for protection or buying new hardware, a move it calls “hypocritical” given that incompatible PCs were sold until recently.
The Cutoff Deadline and the Consumer ESU Lifeline
Microsoft’s timetable is firm: on October 14, 2025, Windows 10 will receive its last free security update. After that, the company offers a single-year Extended Security Update (ESU) for consumers at $30, available through account sync, Microsoft Rewards, or purchase. The ESU covers up to 10 devices per account and lasts until October 13, 2026. Enterprise customers can buy multi-year ESU packages, but consumers get only one year. Consumer Reports’ letter, shared publicly on the group’s website, asks Microsoft to: reverse the decision to charge for basic security updates; extend free patches until a “fairer migration threshold” is reached; create recycling partnerships; and avoid tying ESU enrollment to Microsoft account sign-ins, which raises privacy concerns. The organization surveyed 100,000 computer owners and found that over 95% of devices bought since 2019 remain in active use, indicating long lifespans beyond Microsoft’s support window.
Who Gets Locked Out: The Hardware Gate
For the average home user, the October deadline brings three choices: upgrade to Windows 11 if your PC is compatible, pay $30 for ESU to get one more year of patches, or continue using Windows 10 unprotected. That third option carries growing risks: without patches, any new vulnerability discovered after October 14 will remain unpatched forever. For families and students relying on older, hand-me-down laptops, the hardware barrier is the biggest hurdle. Windows 11 requires a Trusted Platform Module (TPM) 2.0, UEFI Secure Boot, and a processor from Microsoft’s approved list — requirements that exclude many machines built before 2017 or 2018. Even mid-range PCs from 2019 may lack TPM 2.0 or have it disabled in the BIOS.
For IT administrators, the situation is more nuanced: businesses with volume licensing can already purchase multi-year ESU through commercial channels, but small businesses without IT staff may fall through the cracks. The forced hardware refresh cycle also hits schools, nonprofits, and public institutions with tight budgets. The environmental angle adds another layer of concern. Forcing millions of otherwise functional devices into premature retirement creates e‑waste on a massive scale. Consumer Reports explicitly called out this issue, urging Microsoft to expand trade‑in programs and ensure that recycled materials don’t end up in landfills. Even if users enroll in ESU, the one‑year clock simply postpones the hardware replacement decision, kicking the can down the road to 2026.
How We Got to a Cliff Edge
Microsoft announced the Windows 11 hardware requirements in 2021, citing security‑by‑design as the rationale. TPM 2.0 and Secure Boot enable virtualization‑based security and system integrity checks that are harder to backport to older OSes. The company set an initial end‑of‑support date for Windows 10 in October 2025, giving users four years to prepare. Yet, as Consumer Reports points out, Microsoft and its OEM partners continued selling machines without TPM 2.0 well into 2023, some with stickers promising a “free upgrade to Windows 11” that turned out to be misleading. According to StatCounter, Windows 10 still powers around 45% of desktop Windows PCs globally as of mid‑2025. That’s a massive installed base. The company’s consumer ESU program was a first—never before had Microsoft offered paid security patches to individuals—but it is limited to one year and forces users into a Microsoft account. The free tier via account sync requires turning on Windows Backup, which uploads personal data to OneDrive, a non‑starter for privacy‑conscious users. Consumer Reports’ intervention is the latest in a wave of pushback, following petitions and even litigation threats from public interest groups.
The TPM 2.0 requirement is particularly contentious because it isn’t just about having the chip—it must be enabled in the firmware, and many manufacturers sold PCs with the feature disabled by default. Even tech‑savvy users can be foiled by obscure BIOS settings. Moreover, some perfectly capable desktop motherboards from the late 2010s have TPM headers but no module installed, forcing a hardware purchase. The net effect is that a computer that runs Windows 10 flawlessly—often with an SSD and plenty of RAM—gets labeled obsolete not because of performance, but because of a security chip requirement that was poorly communicated at the time of sale.
What to Do Now: A Practical Countdown
If you’re on Windows 10, take these steps immediately:
- Check Windows 11 compatibility: Run the PC Health Check app from Microsoft’s website. If your device has TPM 2.0, Secure Boot, and a supported processor, upgrade today. Go to Settings > Windows Update and see if the Windows 11 upgrade is offered. In‑place upgrades are free and preserve your files.
- For incompatible hardware, prep for ESU: Ensure your system is on Windows 10 version 22H2, fully patched. The ESU enrollment option will appear in Settings > Windows Update as the deadline approaches. If you want the free route, you’ll need to sign in with a Microsoft account and enable Windows Backup sync. Alternatively, redeem 1,000 Microsoft Rewards points or pay $30 for a one‑year code. This will keep your device receiving critical and important updates through October 2026.
- Back up everything: Before making any major changes, copy your files to an external drive or a reputable cloud service. An unprotected OS is a ticking time bomb for ransomware and data theft.
- Harden any device that must stay on Windows 10 without ESU: Limit its internet exposure—use it only for offline tasks, or isolate it on a separate VLAN. Install a robust third‑party antivirus and consider using a different browser that will continue receiving updates after October (Microsoft Edge on Windows 10 may still get updates for a while, but don’t rely solely on that).
- Consider alternative operating systems: If your PC truly can’t run Windows 11 and you want a secure system without paying, try a lightweight Linux distribution like Ubuntu or Linux Mint, or ChromeOS Flex from Google. These are free and will extend the hardware’s life for web browsing and basic productivity.
- Plan a purchase if needed: If you decide to buy a new PC, look for devices with modern hardware, and prioritize vendors that offer trade‑in programs. Retailers often run promotions around back‑to‑school and holiday seasons. Check for discounts or recycling credits to offset costs and reduce e‑waste.
For organizations, start auditing now. Inventory all Windows 10 machines and identify which can be upgraded in place and which will need replacement. Factor the $30 per device ESU cost into next year’s budget if you need a bridge, but remember that’s a stopgap, not a solution. Schools and nonprofits should investigate Microsoft’s nonprofit pricing and the potential for volume discounts on new hardware. Manufacturers like Dell, HP, and Lenovo have education and government programs that can ease the transition.
One more crucial step for everyone: enable two‑factor authentication on all online accounts. If your PC becomes compromised because of an unpatched vulnerability, accounts without 2FA are at even greater risk. It’s a simple, free measure that adds a layer of defense regardless of OS support status.
What to Watch Next
The pressure is mounting. Microsoft has a history of adjusting policies under public scrutiny—in 2015, it reversed course on aggressive Windows 10 upgrade prompts after backlash. Whether the company will soften its stance on Windows 10 support before October remains unclear. Regulatory bodies in the EU and elsewhere are increasingly interested in product lifecycle mandates, particularly around security updates and repairability. If Consumer Reports’ appeal gains traction, we might see a limited extension of free patches, perhaps through a longer ESU period or account‑free enrollment. In the meantime, the clock is ticking. October 14, 2025 isn’t a suggestion; it’s a hard stop. Be prepared.