On October 14, 2025, Microsoft will deliver the last routine security update for Windows 10 version 22H2, ending a decade of free patches for the operating system that still runs on over 60% of the world’s Windows PCs. After that date, any newly discovered vulnerability will remain unaddressed on unsupported machines — unless users pay for an Extended Security Update (ESU) subscription, upgrade to Windows 11, or replace their hardware. For the first time, Microsoft is offering a consumer ESU program, a limited window that keeps devices safe through October 13, 2026, but it comes with a price tag and no feature improvements.

The Lights Go Out on October 14

Microsoft will stop providing three things for Windows 10 Home, Pro, Pro Education, and Pro for Workstations editions after October 14, 2025: security fixes for new flaws, feature updates, and technical support. The device won’t stop booting — it will continue to run — but every month that passes without a patch widens the gap between its defenses and the latest attack techniques. Enterprise and Education editions follow their own lifecycle timelines, but the mainstream deadline is the one that affects the vast majority.

The cutoff is not a surprise. Microsoft locked Windows 10 version 22H2 as the final feature release in late 2022 and has only issued monthly quality and security updates since then. The October date was set years ago under the company’s fixed lifecycle policy, which gives each Windows version about 10 years of support from its initial launch. Windows 10’s clock started in July 2015.

For the First Time, a Paid Lifeline for Consumers

Extended Security Updates are not new — enterprises have been able to buy them for past Windows versions — but this is the first time Microsoft has created a consumer ESU program. The program runs for one year, until October 13, 2026, and covers “critical” and “important” security vulnerabilities on Windows 10 version 22H2 devices. It does not include bug fixes, design changes, new features, or assistance from Microsoft support.

Microsoft has outlined three enrollment paths for consumers: a paid annual subscription, redemption through Microsoft Rewards points, and a no-cost option for devices that sync settings with a Microsoft account. The company has not yet published pricing for the paid tier, though its enterprise ESU typically costs a few dollars per device per month in the first year and doubles annually. Home users should expect a similar model, with the final cost likely revealed closer to the deadline.

Windows 11: The Upgrade Gate

The free in-place upgrade to Windows 11 remains the cleanest path to continued support, but it imposes hardware requirements that didn’t exist when most Windows 10 PCs were sold. A device must have a TPM 2.0 chip, Secure Boot capability, and a supported processor — Intel 8th gen or newer, AMD Ryzen 2000 or newer, or Qualcomm Snapdragon 850 or newer. These rules leave millions of perfectly functional machines ineligible.

Microsoft’s PC Health Check tool can tell you in a minute whether your current hardware qualifies. If it doesn’t, the official routes are to pay for ESU on Windows 10, buy a new Windows 11 PC, or explore alternative operating systems.

What’s at Stake for Home Users

For the average person, the risk of staying on an unpatched Windows 10 after October creeps up gradually but then compounds. Attackers often save exploits for the period immediately after support ends, when a large pool of unprotected machines remains online. Ransomware gangs, in particular, thrive on known vulnerabilities in operating systems that are no longer patched — the WannaCry outbreak of 2017, which crippled the UK’s NHS and hundreds of thousands of computers globally, exploded because many organizations had not applied a patch that was available weeks earlier. Once updates stop, every newly discovered flaw becomes a permanent open door.

Home users also face a creeping compatibility drain. Software vendors and browser makers eventually drop support for older operating systems, leaving machines unable to run the latest versions of Chrome, Edge, or essential productivity apps. Online banking and government services may flag unsupported systems and block access.

What’s at Stake for Businesses and IT Pros

For organizations, the risk is more acute and multi-layered. A single unpatched endpoint can serve as a beachhead for lateral movement into the rest of the network. Regulated industries — healthcare, finance, legal, and any entity handling personal data — must demonstrate “reasonable” security practices under data protection laws; running an operating system that no longer receives vendor security updates is practically indefensible in an audit or breach investigation.

Contractual obligations add another layer. Many enterprise agreements require the use of supported software as a baseline security control. Failing to meet that condition can trigger termination clauses, disqualify a company from tenders, or increase cyber insurance premiums — or even void coverage entirely. The Kaseya supply-chain attack of 2021, in which an exploited management tool led to thousands of downstream victims, showed how a vulnerability in one layer can cascade through an entire ecosystem of partners and clients.

How We Reached This Crossroads

Windows 10 was always meant to be the “last” version of Windows in the sense that it would evolve through semi-annual feature updates rather than full version upgrades. That model changed in 2021 when Microsoft announced Windows 11, tying it to hardware-rooted security because of a shift in the threat landscape. The rise of ransomware-as-a-service, advanced persistent threats, and supply-chain attacks made operating-system-level protections like TPM-backed credentials, virtualization-based security, and hypervisor-protected code integrity necessary rather than optional.

The decision froze the hardware base: a Dell laptop bought in 2016 for a student, still perfectly capable of word processing and web browsing, cannot officially run Windows 11. Unlike the transition from Windows 7 to Windows 10 — where compatibility was broad and the upgrade tool was generous — this time Microsoft has held the line on requirements, with only a limited “unsupported install” workaround that it warns against and may not fully service.

Your Move: A Practical Playbook

For Home Users and Enthusiasts

  1. Check your hardware. Download the PC Health Check app from Microsoft’s website and run it. If you get a green light, you can upgrade for free at any time before October 14 — or after, but the clock is ticking. Allow an hour for the in-place upgrade; it preserves your files and most applications.

  2. If your PC isn’t compatible, weigh the cost. ESU will likely cost something — possibly $30–$50 per year based on historical patterns — but that’s far cheaper than a new PC. Consider it if your machine is otherwise solid and you only need another year or two of secure browsing. Microsoft’s Rewards option or the no-cost enrollment for devices that sync settings may soften the blow for some users.

  3. Don’t ignore the option of a lightweight Linux distribution. For machines used exclusively for web tasks, email, and media, Ubuntu, Linux Mint, or ChromeOS Flex can breathe years of secure life into old hardware. They require some learning, but the effort is minimal for basic use.

  4. Harden what you keep. If you stay on Windows 10 after October with ESU, enable multi-factor authentication on all accounts, turn on ransomware protection in Windows Security, and keep your browser and third-party applications updated. Treat the system as though it’s under threat — because it will be.

For IT Decision Makers

  1. Inventory and categorize. Know every Windows 10 endpoint in your fleet — version, role, criticality, and regulatory exposure. Tag those that are ineligible for Windows 11, those that are eligible but need app testing, and those that are no longer needed at all.

  2. Run a pilot now. Select a representative sample of 50–100 devices and upgrade them to Windows 11. Test your line-of-business applications, printers, and VPN clients. Document what breaks and involve vendors early.

  3. Build a phased rollout. Split the migration into waves: pilot first, then early adopters, then business-critical workers, then everyone else. Plan to have all upgrades complete by September 2025 to leave a buffer.

  4. Enroll inescapable devices in ESU. For specialized equipment, legacy lab computers, or devices tied to industrial machinery, purchase ESU licenses and treat them as a strictly temporary bridge. Set a hard date — before October 13, 2026 — to decommission or replace each one.

  5. Harden the bridge. While ESU covers operating system flaws, it doesn’t protect against application vulnerabilities or misconfigurations. For any Windows 10 machine still in use, enforce application allowlisting, restrict network access to only required services, enable endpoint detection and response (EDR), and conduct frequent vulnerability scans.

  6. Communicate to leadership in business terms. Translate the risk into cost: a single ransomware incident often costs hundreds of thousands of dollars in recovery, fines, and lost revenue. Compare that to the price of a hardware refresh or ESU subscription. Show a timeline and a budget, and get sign-off early.

Looking Ahead

The next 12 months will define how smoothly the world moves past Windows 10. Microsoft is unlikely to extend the ESU program beyond October 2026 for consumers, and the huge installed base of incompatible hardware won’t simply vanish. Device manufacturers may see a surge in PC sales, and the refurbished market will churn with Windows 10 machines that new owners will quickly regret unless they know what they’re getting into.

There’s also the question of what comes after Windows 11. Microsoft is already testing features internally that point to a more modular, AI-integrated Windows 12, and the tighter hardware baseline may finally allow the company to accelerate innovation at the OS level instead of carrying a decade of legacy weight. But that future is only reachable if users and organizations take the October 14 deadline as the real turning point it is — not as a date to watch, but as a date to act.