Windows 10 users have exactly 30 days until Microsoft stops delivering free security patches for the aging operating system on October 14, 2025. After that date, any newly discovered vulnerabilities will remain unpatched on unsupported machines, leaving them as sitting ducks for ransomware and exploit kits. But there is a lifeline: for the first time, Microsoft is offering consumers a $30 one-year extension of critical security updates—and even free routes via Microsoft Rewards or Windows Backup.

The end-of-support milestone affects hundreds of millions of PCs worldwide. While headlines have tossed around figures like 600 or 800 million, the exact number remains elusive; what’s certain is the scale is massive. Canalys estimates that about 240 million devices alone cannot meet the hardware requirements for Windows 11. StatCounter shows Windows 10 still holds a substantial share of the desktop OS market, even as Windows 11 adoption grows. For households and small businesses without an enterprise IT department, the next 30 days are critical for charting a course.

The Deadline is Real: What Happens on October 14

On October 14, 2025, Microsoft will end all routine security updates, quality improvements, and technical support for Windows 10 version 22H2 and several Long-Term Servicing Channel (LTSC) editions. The operating system will continue to boot, but every unpatched flaw discovered after that date becomes a permanent liability. Threat actors often reverse-engineer patches released for supported systems to attack those left behind. Banking trojans, credential stealers, and ransomware groups actively target older platforms precisely because they lack defenses.

For businesses, the risk extends beyond infection. Regulatory frameworks in finance, healthcare, and government mandate supported software. An unsupported endpoint can trigger audit failures, fines, or loss of cyber insurance coverage. The message from Microsoft is unambiguous: upgrade to Windows 11 if your hardware allows, enroll in Extended Security Updates (ESU) for a temporary bridge, or migrate workloads to cloud services that stay current.

Understanding the Extended Security Updates (ESU) Safety Net

Extended Security Updates are not new; Microsoft first introduced them for Windows 7 after its 2020 end of support. But the consumer ESU program for Windows 10 is a significant departure. Previously, only volume-licensing enterprise customers could purchase post-retirement patches. Now, anyone with a personal Windows 10 device can buy an extra year of security—for a one-time fee of $30, or free through two alternative enrollment methods.

Consumer ESU: The $30 (or Free) Annual Pass

Enrollment in the consumer ESU program is straightforward. From the Windows Update settings page, an “Enroll now” wizard will appear as the deadline nears. Users must be running Windows 10 version 22H2 with the latest cumulative updates and have a Microsoft account with administrator privileges on the device. The program covers Home, Pro, Pro Education, and Workstation editions. Domain-joined or MDM-managed machines are ineligible; they fall under the separate commercial ESU track.

Three enrollment options exist, two of them free:

  • Free with Windows Backup: Enable backup of your settings to a Microsoft account via OneDrive. This syncs your personalization and some app data.
  • Free with Microsoft Rewards: Redeem 1,000 Rewards points. Many users accumulate points through Bing searches or Edge use.
  • One-time payment of $30 USD: The straightforward purchase applies to up to 10 devices linked to the same Microsoft account.

Once enrolled, the device receives only Critical and Important security patches from October 15, 2025 through October 13, 2026. No feature updates, quality-of-life improvements, or standard technical support are included. It’s a stripped-down emergency service, not a substitute for a supported OS.

Commercial ESU: A Separate Enterprise Track

Organizations with volume licensing can purchase ESU through their existing channel, typically in multi-year increments with tiered pricing. The commercial program includes additional management tooling and does not require a Microsoft account per device—administrators deploy updates via WSUS or other enterprise solutions. Pricing scales based on the number of devices and the year of coverage, often becoming more expensive each year to incentivize migration. Companies should contact their Microsoft representative for exact figures.

The Upgrade Path: Is Your PC Ready for Windows 11?

Windows 11 is Microsoft’s preferred destination, but hardware requirements have been a sticking point since launch. A 64-bit processor, 4 GB RAM, 64 GB storage, TPM 2.0, and Secure Boot-capable UEFI firmware are mandatory. The PC Health Check tool tells you in seconds whether your current hardware passes. If it does, upgrading is free and preserves your files and applications.

Before pulling the trigger, create a full system image backup to an external drive. The in-place upgrade process is generally reliable, but driver incompatibilities can cause blue screens or app failures. Check with printer, scanner, and specialty software vendors for Windows 11 drivers. If an application fails post-upgrade, Windows’ built-in compatibility mode often solves the problem.

For those who want a clean start, Microsoft’s Installation Assistant or a bootable USB created with the Media Creation Tool enables a fresh install. Be prepared to reinstall all applications manually.

Alternative Routes: Cloud VMs, New Hardware, and Linux

If your PC can’t run Windows 11, you still have options beyond the $30 ESU band-aid.

  • Cloud PCs and virtual desktops: Windows 365 and Azure Virtual Desktop provide fully supported Windows 11 environments that stream to any device. Microsoft extends special ESU entitlements to cloud-hosted VMs, often at no additional cost. For businesses, this decouples hardware from the OS lifecycle.
  • Buying a new Windows 11 PC: Modern Copilot+ PCs with dedicated neural processing units offer better battery life, AI features, and hardware-backed security. TPM 2.0 and virtualization-based protections are built in, making them resilient against firmware attacks. Prices have come down, and the performance leap from a 2018-era laptop is substantial.
  • Switching to Linux: Ubuntu, Linux Mint, and other distributions deliver a secure, up-to-date desktop experience without hardware gating. Application compatibility remains the challenge—Adobe Creative Cloud and many AAA games lack native Linux versions. But for web browsing, office work, and programming, the transition can be seamless.
  • Community workarounds: Tools like Tiny11 strip Windows 11 of hardware checks and bloatware, enabling installation on unsupported CPUs. These hacks appeal to tinkerers but carry significant long-term risks: Microsoft may block updates on such installations, and there’s no guarantee of continued functionality.

The Risks of Doing Nothing

Running an unsupported Windows 10 after October 14 exposes you to a cascade of problems:

  • Zero-day exploits: Without patches, vulnerabilities in the kernel, browser, or networking stack become permanent entry points.
  • Software rot: Third-party developers will stop testing on Windows 10. Over time, new versions of Chrome, Office, and antivirus tools may cease to install or function.
  • Ransomware targeting: Cybercriminals specifically scan for outdated operating systems during attack campaigns. Industries like healthcare and education are frequent targets because they often lag behind.
  • Compliance fallout: For regulated entities, unsupported software can trigger penalties under GDPR, HIPAA, or PCI-DSS.

Temporary mitigations—like keeping third-party antivirus up to date, disabling RDP, and using a standard user account instead of an admin—can reduce the attack surface but cannot replace OS-level patches. Backups become your last line of defense; ensure you have offline, immutable copies of critical data.

A 30-Day Action Plan: From Backup to Migration

The window for decisive action is closing. Below is a phased plan to secure your digital life.

Days 0–7: Inventory and backup
- Audit every device running Windows 10. Note which can upgrade to 11 and which must be replaced or isolated.
- Create full backups to an external drive and a cloud service. Test a restore.
- Create or link a Microsoft account if you lack one.

Days 8–21: Test and decide
- For eligible devices, run PC Health Check, then perform the Windows 11 upgrade on one non-critical machine first. Monitor for issues.
- For ineligible devices, choose your path: enroll in consumer ESU, migrate to a cloud PC, order new hardware, or prepare a Linux USB stick for trials.
- If you opt for ESU, confirm your system is on version 22H2 with all updates installed.

Days 22–30: Execute and harden
- Complete upgrades on all primary machines. Enroll remaining Windows 10 boxes in ESU via Settings > Update & Security > Windows Update.
- Implement defense-in-depth for any machine staying on Windows 10: enable firewall, restrict internet exposure, and keep applications updated.
- Place orders for new hardware—supply chains may tighten as the deadline hits.

Post-October 14
- Understand that any Windows 10 device without ESU is now a ticking time bomb. Isolate it from sensitive networks and never use it for banking or email.
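
The inventory and decision steps of the plan can be scripted per machine. The following PowerShell function is an added example, not code from Microsoft or from the original article: it records the Windows 11 hardware requirements and the consumer ESU prerequisites listed above for one PC. The function name and recommendation strings are illustrative, the thresholds are the ones quoted in this article, and PC Health Check remains the authoritative compatibility test.

```powershell
# Added example: one readiness record per PC for the inventory step.
# Run elevated; without admin rights the TPM and Secure Boot checks report False.
function Get-Win10EolReadiness {
    $os   = Get-CimInstance Win32_OperatingSystem
    $cs   = Get-CimInstance Win32_ComputerSystem
    $cpu  = Get-CimInstance Win32_Processor | Select-Object -First 1
    $disk = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$env:SystemDrive'"
    $cv   = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

    # TotalPhysicalMemory excludes firmware-reserved RAM, so round to whole GB.
    $ramGB  = [math]::Round($cs.TotalPhysicalMemory / 1GB)
    $diskGB = [math]::Round($disk.Size / 1GB)   # system volume, not the raw disk

    # SpecVersion looks like "2.0, 0, 1.59"; no instance means no usable TPM.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $tpm20 = [bool]($tpm -and ($tpm.SpecVersion -match '^\s*2\.0'))

    # Returns True/False on UEFI firmware (enabled/disabled); throws on legacy BIOS.
    try   { $sbEnabled = [bool](Confirm-SecureBootUEFI -ErrorAction Stop); $sbCapable = $true }
    catch { $sbEnabled = $false; $sbCapable = $false }

    $win11Ready = ($cpu.DataWidth -eq 64) -and ($ramGB -ge 4) -and
                  ($diskGB -ge 64) -and $tpm20 -and $sbCapable

    # Consumer ESU prerequisites from the article. MDM enrollment, patch level
    # and the Microsoft account requirement are NOT checked here.
    $esuCandidate = ($os.Caption -match 'Windows 10 (Home|Pro)') -and
                    ($cv.DisplayVersion -eq '22H2') -and (-not $cs.PartOfDomain)

    $plan = if ($win11Ready) {
        'Upgrade to Windows 11'
    } elseif ($esuCandidate) {
        'Enroll in consumer ESU, plan replacement'
    } else {
        'Replace, migrate or isolate'
    }

    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        OS           = "$($os.Caption) $($cv.DisplayVersion)"
        RamGB        = $ramGB;   SystemDiskGB      = $diskGB
        Tpm20        = $tpm20;   SecureBootCapable = $sbCapable
        SecureBootOn = $sbEnabled
        DomainJoined = [bool]$cs.PartOfDomain
        Win11Ready   = $win11Ready
        EsuCandidate = $esuCandidate
        Plan         = $plan
    }
}
Get-Win10EolReadiness | Format-List
```

Piping the function's output to `Export-Csv -Append` on a shared file instead of `Format-List` collects one row per household or office machine.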

Microsoft’s Gamble: Strengths and Weaknesses of the ESU Strategy

Offering a consumer ESU is a pragmatic move that acknowledges economic realities. Millions of people cannot afford a new PC or have workflows that depend on legacy software. By providing a low-cost, one-year bridge, Microsoft reduces the likelihood of a massive unpatched botnet forming overnight. The free enrollment options via Backup or Rewards further lower the barrier.

That said, the approach has drawn criticism. Privacy advocates point out that the “free with Backup” route effectively forces users into Microsoft’s ecosystem, syncing settings to a Microsoft account. Not everyone wants that linkage. The single-year duration also feels stingy: while enterprises can buy multiple years of ESU, consumers get a single make-or-break year. If the global chip shortage returns or economic pressures mount, many households will find themselves in the same predicament in 2026.

Device count confusion has muddied the public discourse. Headlines warning “600 million users at risk” conflate different metrics—installed base, active usage, and incompatible hardware. Microsoft has not published a precise figure, leaving analysts to fill the void. For planning purposes, assume the number is large and act accordingly.

Final Verdict: Act Now or Face the Consequences

October 14, 2025, is not a suggestion; it is the day the free security umbrella closes. The consumer ESU program is a welcome, if temporary, safety valve—30 bucks for 12 months of peace of mind. But it is not a solution. The only sustainable path forward is a supported operating system, whether that’s Windows 11, a cloud VM, or a move to Linux.

Do not rely on headline device counts to gauge your own risk. Inventory your machines, check compatibility, and take the first concrete step today. Back up your data. The next 30 days will separate the prepared from the breached.