2 days ago
12
Follow ZDNET: Add america arsenic a preferred source on Google.
ZDNET's cardinal takeaways
- Millions of computers globally are inactive moving Windows 10.
- Attackers are ready, willing, and capable to exploit unpatched PCs.
- Signing up for extended information updates is simply a important step.
Hundreds of millions of computers worldwide are inactive moving Windows 10, months aft the one-time king of PC operating systems officially passed its end-of-support deadline.
If you're liable for 1 of those machines and you aren't acceptable to upgrade to Windows 11, you tin motion up contiguous for an Extended Security Updates (ESU) subscription -- consumers tin get those updates escaped done October 2026, arsenic I explicate here: How to get escaped Windows 10 information patches connected your PC - from present to October 2026.
Don't delay, though. History says attackers are ready, willing, and capable to exploit unpatched PCs, and the results tin beryllium catastrophic. How bad? Let's hop successful the Wayback Machine and spot what happened the past clip a hugely fashionable Windows mentation reached its end-of-support date.
For Windows 7, that day was January 14, 2020. That's erstwhile consumers and tiny businesses stopped receiving information updates. Microsoft offered an Extended Security Updates programme for concern customers, but those subscriptions were expensive, and I discovered that finding idiosyncratic who would merchantability you the updates was a challenge.
The result? At the commencement of 2021, a twelvemonth aft Windows 7 enactment ended, I estimated that at slightest 100 cardinal PCs were inactive moving that out-of-date OS.
Also: Gemini vs. Copilot: I tested the AI tools connected 7 mundane tasks, and it wasn't adjacent close
The results were depressingly predictable. Groups astir the satellite that specialized successful ransomware attacks began seeking retired unpatched systems that could beryllium exploited. As months passed without information updates, the much opportunities those attackers had to enactment with.
Those transgression networks -- with names like Digital Shadows, LockBit, Conti, and Vice Society -- were engaged conducting hands-on, human-operated campaigns, often exploiting caller information vulnerabilities to assistance their ransomware attacks.
Also: How to upgrade your 'incompatible' Windows 10 PC to Windows 11 present - for free
Some of those groups whitethorn person disbanded, but they've been replaced by arsenic dedicated attackers. And these individuals are anxious to get to enactment erstwhile enactment for an operating strategy ends.
In the lawsuit of Windows 7, the astir infamous onslaught progressive the PrintNightmare information bug, which was archetypal disclosed successful July 2021. The bug created truthful overmuch havoc worldwide that Microsoft took the uncommon measurement of releasing a spot for Windows 7 systems, adjacent though enactment for those PCs had ended 18 months earlier.
The PrintNightmare incidental had echoes of an earlier, likewise catastrophic planetary outbreak. WannaCry, which was brutally effectual against the ample colonisation of Windows XP PCs that were inactive successful usage successful 2017, 3 years aft enactment for that OS ended. At the time, Europol called the outbreak "the largest ransomware onslaught observed successful history."
Also: I deliberation I cognize what's coming successful Windows 12, and you're not going to similar it
In that case, too, the scope of the onslaught was truthful wide that Microsoft released an out-of-band spot for Windows XP.
But those incidents were high-profile exceptions; determination were plentifulness of other, little publicized vulnerabilities that didn't person patches and remained unfastened for exploitation connected unsupported systems. Those vulnerabilities didn't garner worldwide headlines, but the interaction was achy if your enactment was successfully compromised.
So, however apt is it that Windows 10 holdouts volition spot a large-scale onslaught similar the ones that targeted earlier versions? Well, if you could foretell it, you could forestall it. Those incidents thin to hap without warning, erstwhile an attacker stumbles crossed a mode to exploit an unpatched flaw. Sometimes these incidents impact multiple, seemingly insignificant vulnerabilities that attackers fig retired however to harvester into a azygous effectual exploit.
Every month, Microsoft publishes a detailed database of the information fixes it has released with the Patch Tuesday updates. Alongside each introduction connected the list, there's a standing of however exploitable that flaw is. For November 2025, the archetypal merchandise aft Windows 10 enactment ended, that database included a Windows Kernel vulnerability (CVE-2025-62215); according to the bulletin, "An attacker who successfully exploited this vulnerability could summation SYSTEM privileges."
And nether the Exploitability heading, it's categorized arsenic "Exploitation Detected." December's information updates included different vulnerability that has besides been categorized arsenic "Exploitation Detected."
Fortunately, some of those vulnerabilities necessitate section entree to beryllium exploited, astatine slightest for now. But past suggests it's lone a substance of clip earlier remotely exploitable attacks occur. When that time comes, you really don't privation to beryllium moving an unpatched, unsupported mentation of Windows.
English (US) ·