With mere weeks before Microsoft ends support for Windows 10, a new Kaspersky telemetry study reveals that 53% of PCs it monitors are still running the aging operating system, and nearly 60% of corporate devices remain on the platform. The snapshot, drawn from anonymized metadata provided by consenting Kaspersky Security Network users, drives home an urgent message: migration to Windows 11 is far from complete, and millions of devices—consumer and business alike—are about to become cyber-liabilities.

Microsoft has marked October 14, 2025, as the final date for Windows 10 security updates, routine patches, and standard technical support. After that, only customers who purchase Extended Security Updates (ESU) will continue to receive fixes. Kaspersky’s study, released at the end of the OS’s lifecycle, shows that while 33% of monitored devices have moved to Windows 11, a substantial 8.5% are still on Windows 7, an OS unsupported since 2020. The enterprise segment lags further behind: 59.5% of corporate devices run Windows 10, and in small businesses the figure is 51%. Windows 7 holds a stubborn 6% share in both categories.

Regional breakdowns provided by Kaspersky add texture. In the Middle East, 54% of devices are on Windows 10, with only 30.8% upgraded to Windows 11. Africa shows 52.8% on Windows 10 and 35.95% on Windows 11. Both regions also report a Windows 7 tail of roughly 4–8%. These numbers, based on KSN telemetry, hint at a global challenge that does not respect borders or sector boundaries.

Oleg Gorobets, Security Expert at Kaspersky, drew a stark comparison: “A system which is not receiving security updates is like a house with a rotting fence which can be knocked down with just a single kick.” His warning is aimed squarely at corporate IT departments that may view an OS upgrade as a disruption rather than a security imperative. “From a cybersecurity point of view, the risk for both general and corporate business users far outweighs any minor inconveniences of moving to a new OS version,” Gorobets said. He underscored that even the best security software cannot fully compensate for missing OS-level patches.

Why the Numbers Demand Attention

Kaspersky’s telemetry is not a global census. It represents endpoints where KSN is active, which may skew the data toward certain regions, user types, and product install bases. Yet other independent trackers corroborate the central theme. StatCounter’s web-analytics-derived snapshots have shown Windows 11 finally surpassing Windows 10 in some months of 2025, but the exact shares fluctuate week to week. ControlUp’s Windows 11 Readiness study, focused on enterprise endpoints, reported that around 50% of corporate machines were not yet fully migrated. PC makers like HP and Dell have publicly warned that refresh cycles will stretch into 2026 for many customers due to hardware compatibility constraints, budget cycles, and application testing backlogs.

Thus, while percentages differ depending on measurement methodology, the operational reality is consistent: a very large number of devices—especially in critical business roles—will lose vendor support on October 14, 2025. The consequences of inaction are severe.

The Real-World Risks of Running an Unsupported OS

Security vulnerabilities will no longer be patched by Microsoft. Cybercriminals closely track Patch Tuesday releases and reverse-engineer fixes to develop exploits for unpatched systems; without updates, every new vulnerability becomes a permanent open door. Ransomware groups and advanced persistent threats historically ramp up attacks on end-of-life software. “Once an operating system reaches its end-of-life, unresolved security vulnerabilities remain unpatched, meaning cybercriminals can gain potential opportunities to exploit them,” Kaspersky warned.

Software and driver compatibility also declines. Independent software vendors and hardware manufacturers prioritize supported Windows versions, so critical line-of-business applications may stop functioning or become unstable on Windows 10 over time. Meanwhile, regulatory compliance and cyber insurance policies increasingly mandate supported and patched operating systems as a baseline control. Running an EOL OS can trigger audit findings, fines, and loss of coverage.

Operationally, mixed-OS estates complicate endpoint management, patch orchestration, and incident response. IT teams must maintain separate workflows for Windows 10, 11, and perhaps even Windows 7, increasing overhead and the likelihood of misconfigurations. The cost of fragmentation often exceeds the cost of a focused migration.

Corporate IT: Treat the OS as a Priority, Not an Afterthought

Enterprise endpoints often run mission-critical line-of-business apps and bespoke integrations that require lengthy quality assurance cycles. That complexity is precisely why many lag behind consumer adoption. But the longer these endpoints remain unsupported, the greater the potential for a single exploit to cascade into a widespread data breach, ransomware incident, or production outage.

For security and IT leadership, the first step is absolute clarity on the estate. Inventory all devices, identify Windows 10 versions and build numbers, and check for TPM 2.0, UEFI Secure Boot, and supported CPU generations. Tag devices by business criticality: systems used by C-suite executives, domain controllers, internet-facing servers, and high-privilege users must move to the front of the line. Medium-risk machines like standard office desktops can follow a scheduled migration window. Low-impact or lab equipment can be decommissioned or isolated.

A Practical Migration and Mitigation Playbook

IT teams can follow a prioritized, time-bound plan adapted from Kaspersky’s recommendations and industry best practices.

Days 0–3: Inventory and Classify
Use endpoint management tools to pull OS versions, BIOS/UEFI status, TPM presence, and CPU families. Tag devices by role and exposure—remote workers, public internet-facing endpoints, and administrative accounts get the highest priority.

Days 3–7: Triage by Risk
Immediately address high-risk devices: upgrade them or, if replacement is needed, enforce strict network isolation and enhanced monitoring. Schedule medium-risk devices for later migration windows. Segregate or decommission legacy systems that cannot be upgraded.

Days 7–21: Assess Upgrade Eligibility and Compatibility
Run Microsoft’s PC Health Check tool on all machines to determine which can accept an in-place Windows 11 upgrade. Validate line-of-business application compatibility in a test or pilot environment. Identify hardware that cannot meet Windows 11’s requirements (TPM 2.0, a 64-bit CPU from a supported generation) and plan for replacement.

Days 14–60: Pilot Rollout and Rollback Planning
Start a controlled pilot on representative hardware and user profiles. Document rollback steps meticulously; take image and file backups before any upgrade. Test critical workflows, printers, and peripherals.

Weeks 6–24: Scale Upgrades and Replacements
Roll out upgrades in phases, department by department, to manage help-desk load and budget cycles. For hardware that is incompatible, initiate procurement now: supply chains remain uneven, and lead times can stretch. OEM statements suggest migration and refresh cycles will run well into 2026, so early ordering avoids premium pricing.

Use ESU as a Short-Term Bridge
For mission-critical Windows 10 devices that absolutely cannot migrate before the deadline, enroll them in Microsoft’s Extended Security Updates program. Consumer ESU options offer a limited one-year path; enterprise ESU is sold in annual increments through 2028, with escalating costs. ESU is a stopgap, not a strategy, and should be paired with a firm decommissioning or upgrade date.

Harden Remaining Windows 10 Machines
Even with ESU, layers of defense are essential. Apply network segmentation, restrict administrative privileges, enforce multi-factor authentication, and tighten firewall rules. Employ modern EDR/XDR solutions with exploit prevention, application allow-listing, and virtualization-based security where hardware supports it. Increase logging, retention, and proactive threat-hunting on high-risk endpoints. Kaspersky specifically recommends exploit-prevention-enabled endpoint solutions, but stresses that these are complementary to, not substitutes for, OS vendor updates.
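
The inventory, triage, and eligibility steps of the playbook above can be captured as one record per endpoint. The PowerShell below is an added example, not code from Kaspersky or Microsoft. It assumes an elevated session on PowerShell 3.0 or later; the function name, the `-Role` tag values, and the action strings are hypothetical.

```powershell
# Added example (not from the Kaspersky report). Run elevated, PowerShell 3.0+.
# -Role is a hypothetical tag supplied by the operator or management tool.
function Get-MigrationRecord {
    param(
        [ValidateSet('Executive','DomainController','InternetFacing',
                     'HighPrivilege','OfficeDesktop','Lab')]
        [string]$Role = 'OfficeDesktop'
    )
    $os    = Get-CimInstance -ClassName Win32_OperatingSystem
    $cpu   = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $build = [int]$os.BuildNumber

    # ProductType 1 = workstation. Client builds: Windows 11 >= 22000, Windows 10 >= 10240.
    if     ($os.ProductType -ne 1) { $family = 'Server' }
    elseif ($build -ge 22000)      { $family = 'Windows 11' }
    elseif ($build -ge 10240)      { $family = 'Windows 10' }
    else                           { $family = 'Pre-Windows 10' }

    # Win32_Tpm.SpecVersion looks like "2.0, 0, 1.38"; no instance means no usable TPM.
    $tpm   = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                             -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $tpm20 = [bool]($tpm -and ($tpm.SpecVersion -like '2.0*'))

    # Confirm-SecureBootUEFI throws on legacy BIOS firmware; count that as "off".
    $secureBoot = try { [bool](Confirm-SecureBootUEFI -ErrorAction Stop) } catch { $false }

    # CPU generation is not decided here: compare CpuName with Microsoft's supported list.
    $baselineOk = $tpm20 -and $secureBoot -and ($os.OSArchitecture -match '64')

    # Priority tiers follow the article: exposed or privileged roles go first.
    $priority = switch ($Role) {
        'OfficeDesktop' { 'Medium' }
        'Lab'           { 'Low' }
        default         { 'High' }
    }
    if     ($family -eq 'Windows 11') { $action = 'Already on Windows 11' }
    elseif ($family -eq 'Server')     { $action = 'Server OS: track separately' }
    elseif ($priority -eq 'Low')      { $action = 'Decommission or isolate' }
    elseif ($baselineOk)              { $action = 'Pilot in-place upgrade after CPU check' }
    else                              { $action = 'Replace hardware; isolate (and ESU if needed) meanwhile' }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME; Role = $Role; Priority = $priority
        OS = $os.Caption; Build = $build; Family = $family
        Tpm20 = $tpm20; SecureBoot = $secureBoot; CpuName = $cpu.Name
        BaselineOk = $baselineOk; Action = $action
    }
}
Get-MigrationRecord -Role OfficeDesktop
```

Run without elevation, the TPM and Secure Boot queries fail and both fields report False, so treat a False from a non-elevated run as unknown rather than as a hardware verdict. Piping the collected objects to `Export-Csv` gives a sheet that can be reconciled against the in-house inventory.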

Alternatives for Final-Mile Cases

Some older machines cannot be economically upgraded to Windows 11. For certain user profiles, cloud-hosted Windows 365 Cloud PCs deliver a fully supported Windows 11 experience without hardware replacement. This is ideal for contractors, temporary staff, or roles requiring access to modern security controls but limited local processing. Consumers may also consider converting older PCs to ChromeOS Flex or a beginner-friendly Linux distribution, extending hardware lifespans while maintaining a supported, patched environment.

Consumer Guidance: A Short Checklist

  • Check your device’s eligibility using Microsoft’s PC Health Check tool.
  • Back up all critical data: a full image backup plus a cloud copy of important files.
  • If your PC qualifies, follow the vendor’s upgrade instructions. If not, explore ESU enrollment options, or consider replacing the device.
  • Never assume that antivirus alone can protect an unsupported OS; the risk is systemic.

Critical Analysis of Kaspersky’s Report

Kaspersky’s dataset provides endpoint-level visibility that is highly relevant for security posture assessments within its protected population. The report delivers a clear, actionable warning tied directly to a fixed deadline. However, built-in sampling bias must be acknowledged: KSN telemetry reflects consenting devices where Kaspersky software is installed, which may over- or under-represent certain regions, sectors, and device classes. Extrapolating these figures globally without adjustment can mislead planning. Regional percentages cited from secondary outlets should be verified against Kaspersky’s original regional pages or raw data exports before being used for procurement decisions. Moreover, the snapshot nature means shares shift rapidly—StatCounter numbers varied weekly in mid-2025—so Kaspersky’s data is a time-bounded warning, not a continuously representative census.

Despite these caveats, the operational meaning is unambiguous: in environments where Kaspersky is installed, a majority of endpoints will become unsupported on October 14, 2025. Reconciling KSN findings with in-house inventories and other public trackers yields a credible, urgent call to action.

The Bottom Line

October 14, 2025, is a pivot point. Systems not updated or enrolled in ESU will operate on vulnerable footing. Kaspersky’s telemetry, combined with corroborating industry data, shows that the global migration to Windows 11 is far from finished—and the window for orderly transition is closing.

Organizations must inventory, triage, and prioritize now. Pilot Windows 11 upgrades, budget for hardware replacements where necessary, and use ESU only as a temporary bridge. Harden any machine that must remain on Windows 10 during the transition. Consumers should check eligibility, back up data, and upgrade or replace their devices without delay. Relying solely on endpoint protection is a gamble that has repeatedly proven costly. The rotting fence is real, and the next few months are the last chance to build a solid digital foundation.