← Home

Windows 10 refuses to die, and the security bill is coming due

The fact

Windows 10 still commands a significant share of the desktop market years after mainstream support ended, and Microsoft faces growing pressure to extend paid security patches — with costs skyrocketing for enterprises that refuse to migrate.

Context

Windows 10 mainstream support ended in October 2025. Microsoft offers Extended Security Updates (ESU) for three years, but prices double each year. Meanwhile, Windows 11 adoption remains sluggish due to strict hardware requirements (TPM 2.0, recent CPUs) that left millions of otherwise functional PCs behind. An estimated 25-30% of corporate desktops still run Windows 10. Regulated sectors — healthcare, finance, government — are the most exposed, as they face compliance requirements that mandate patched operating systems but also run legacy software incompatible with Windows 11.

Analysis

Microsoft is in a delicate position. Forcing migration to Windows 11 alienates customers with compatible but aging hardware. Extending Windows 10 support for free would cannibalize Windows 11 adoption. The current solution — increasingly expensive ESU — is a revenue strategy, not a security strategy. The real risk is that organizations that don't pay for ESU will run unpatched systems exposed to critical vulnerabilities. We have seen this playbook before: Windows 7's extended support ended in January 2020, and the WannaCry ransomware in 2017 exploited precisely such legacy systems — many of which were technically out of support. The cost of a single security incident is orders of magnitude higher than ESU fees, but IT budgets often fail to make that connection until after an incident occurs. Microsoft's challenge is to find the pricing sweet spot where ESU is expensive enough to incentivize migration but not so expensive that organizations simply go without updates.

What to watch

Number of enterprises subscribing to ESU year 2 and year 3; zero-day vulnerabilities discovered in Windows 10 post-support; regulatory pressure to extend free security updates; forced Windows 11 migration via hardware workarounds in enterprise environments; and the response from the cybersecurity insurance industry to unpatched Windows 10 deployments.

Source: The Register