Windows 10 Support is Over, Where Does It Leave Businesses?

Microsoft's decision to end support for its Windows 10 operating system on 14 October 2025 presents a considerable challenge for organisations globally.

This means that the company will no longer issue routine security fixes, exposing users to serious cyber threats unless they enrol in a paid programme.

Data indicates the scale of this issue. An analysis of 250 million anonymised connections by TeamViewer found that over 40% of global endpoints continue to run Windows 10.

For those unable to upgrade, Microsoft is offering a paid Extended Security Updates (ESU) programme. This service begins at approximately US$61 per device for the first year, with the cost set to increase annually.

While consumer advocacy groups in the European Economic Area have secured one year of free ESU for consumers, this provision does not apply to UK users or any businesses.

The business risks of legacy systems

The lack of free security support creates an environment ripe for cyber attacks.

Matt Balderstone, Cybersecurity Advisor at CyberArk, says organisations cannot afford complacency.

“Once Windows 10 reaches end-of-life, the absence of security updates will leave millions of machines exposed to future vulnerabilities that will never be patched, creating the prime conditions for attackers to exploit legacy systems,” he notes.

The transition to Windows 11 is also complex due to its specific hardware requirements. This has slowed adoption, leaving many businesses unprepared for the deadline.

“The end of Windows 10 support shouldn't come as a surprise, yet many organisations remain unprepared,” says Dave Adamson, Solutions Director at Creative ITC. “Every day of delay increases risk and makes the transition harder.”

Echoes of WannaCry and modern cyber threats

This situation is reminiscent of the 2017 WannaCry ransomware attack, which exploited a vulnerability in unpatched Microsoft systems.

The attack caused widespread disruption, crippling services like the UK's NHS that saw over 19,000 appointments cancelled.

Matt Balderstone warns of a repeat scenario with potentially greater consequences.

“We can’t bury our heads in the sand as we've seen a similar scenario play out before. We could see an EternalBlue-style vulnerability emerge again – only this time, it’ll be on an even greater scale, considering the interconnected cloud environments of today.”

He stresses that a single unpatched device could compromise a whole corporate network, saying: “Even one unpatched endpoint could serve as an ‘Achilles heel’ that cripples a whole network, increasing the likelihood of credential theft, session hijacking or lateral movement across hybrid or multi-cloud environments."

This sentiment is shared by other industry experts. Jan Bee, Chief Information Security Officer at TeamViewer, says companies must upgrade to a newer, supported operating system promptly to protect against cybersecurity threats.

A strategic issue of business continuity

Beyond direct cyber attacks, the end of support creates other risks, such as scammers targeting users with fraudulent upgrade offers or support calls.

Luis Corrons, Security Evangelist at Avast, warns that the end of support creates opportunities for scammers as well as hackers.

He says: “End of support is not the end of the world, but it is the end of free safety nets. Attackers know that, which is why unpatched Windows and driver bugs become long-lived entry points.”

The implications extend into operational and compliance failures, elevating the issue from a simple IT task to a critical business concern.

Dave argues that organisations must treat this as more than an IT problem.

“This isn’t an IT upgrade issue. It’s a business continuity issue,” he says. “Firms should be auditing devices, addressing compatibility gaps and planning refreshes."

For devices that do not meet the hardware requirements for Windows 11, he adds that leaders must consider hardware replacements or alternative models such as virtual desktops, which could offer greater long-term flexibility and security.