Microsoft will pull the plug on Windows 10 security updates on October 14, 2025, forcing hundreds of millions of users to either upgrade to Windows 11 for free, pay for a one-year reprieve, or leave their machines exposed. The hard deadline has already triggered a surge in Windows 11 adoption, with independent trackers showing the newer OS surpassed Windows 10 in global desktop market share around mid-2025. For anyone still running the aging operating system, the window for a safe, supported migration is closing fast.

What "end of support" actually means

When Microsoft marks an OS as end of support, the machine doesn't stop working overnight. Instead, the company stops issuing security patches for newly discovered vulnerabilities, no longer delivers feature or quality updates, and withdraws official technical support. Without vendor fixes, everyday threats—ransomware, credential stealers, zero-day exploits—find a wide-open door. Businesses, regulated entities, and anyone handling sensitive data face compliance risks and potential liability. Consumer devices become low-hanging fruit for botnets and identity theft. Microsoft's own lifecycle page confirms October 14, 2025 as the cutoff, and details the two primary escape hatches: upgrade to Windows 11 or enroll in a consumer Extended Security Updates (ESU) program that lasts until October 13, 2026.

The upgrade landscape: market momentum and timing

Windows 11 adoption accelerated sharply in the first half of 2025 as users and organizations finally moved off Windows 10. StatCounter data indicated Windows 11 became the most-used Windows edition around July 2025, although the exact crossover month varied slightly across trackers. The surge correlates directly with the looming deadline. This broad adoption brings practical benefits: hardware makers and software vendors are now prioritizing Windows 11 driver and application compatibility, reducing the friction for late upgraders. Microsoft's rollout will continue to favor recent PC models, but the ecosystem is far more mature than it was in 2022.

Windows 11 compatibility: what Microsoft requires (and why)

Windows 11 enforces a higher security bar than Windows 10. The official minimum hardware requirements are:

  • CPU: 1 GHz or faster with 2+ cores, and the processor must appear on Microsoft's approved list (specific Intel, AMD, and Qualcomm models).
  • Memory: 4 GB RAM minimum (though 8 GB is recommended for a smooth experience).
  • Storage: 64 GB or larger drive (SSD strongly recommended).
  • System firmware: UEFI with Secure Boot capability.
  • TPM: Trusted Platform Module version 2.0.
  • Graphics: DirectX 12 compatible GPU with WDDM 2.0 driver.
  • Display: 720p or higher resolution.

These requirements amount to a de facto hardware cutoff: millions of otherwise functional PCs—many with 7th-gen Intel Core or first-gen AMD Ryzen processors—are blocked because they lack TPM 2.0 or an officially supported CPU. Microsoft argues the baseline shores up reliability and security, pointing to internal telemetry showing fewer kernel crashes on compliant devices. The company has occasionally expanded the CPU compatibility list (for instance, adding a few Intel X-series workstation chips), but the TPM 2.0 and Secure Boot mandates remain non-negotiable for supported upgrades.

What TPM 2.0, UEFI, and Secure Boot do

  • TPM 2.0: A hardware or firmware component that stores encryption keys, enables device attestation, and powers features like BitLocker and Windows Hello. It's fundamental to Windows 11's security architecture.
  • UEFI + Secure Boot: The modern replacement for legacy BIOS, coupled with a feature that verifies bootloaders and prevents unsigned code from running at startup. This blocks many rootkits and boot-level malware.

Most modern laptops and prebuilt desktops already include a firmware TPM (fTPM on AMD, PTT on Intel) that's simply disabled by default. Enabling it in the BIOS/UEFI setup often resolves the compatibility check without new hardware.

How to check if your PC is eligible

Microsoft provides two straightforward ways to confirm eligibility:

  1. Open Settings > Windows Update and click Check for updates. If your device qualifies, a "Download and install Windows 11" option appears.
  2. Download and run the PC Health Check app from Microsoft's website. It reports exactly which requirements are met and which are not—TPM, Secure Boot, CPU, RAM, storage, and graphics. The tool may also flag temporary compatibility holds for specific drivers or apps that need vendor updates.

If PC Health Check fails on TPM or Secure Boot, a trip to the BIOS is the first fix. On many OEM systems, these features are off by default. A firmware update from the manufacturer can also expose missing options. If the CPU itself is unsupported, however, the machine is officially ineligible for Windows 11.
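
The locally measurable requirements above (TPM version, Secure Boot state, RAM, storage, CPU cores and clock) can also be read from an elevated PowerShell prompt, which helps when auditing several machines. This is an added example, not a Microsoft tool: the function name and the decimal 64 GB threshold are assumptions, and it does not check the approved CPU list or graphics, so PC Health Check remains the authoritative result.

```powershell
#Requires -RunAsAdministrator
# Added example: checks the locally measurable Windows 11 requirements from this article.
# Not covered: Microsoft's approved CPU list, DirectX 12 / WDDM 2.0 graphics, display.

function Test-Win11Baseline {   # hypothetical helper name
    # TPM: SpecVersion looks like "2.0, 0, 1.38". No instance means Windows sees no TPM
    # (absent, or fTPM/PTT still disabled in firmware setup).
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $tpmVersion = if ($tpm) { ($tpm.SpecVersion -split ',')[0].Trim() } else { 'none' }

    # Secure Boot: returns $true/$false on UEFI systems; throws on legacy BIOS
    # or on firmware that has no Secure Boot support at all.
    try {
        $secureBootOn = [bool](Confirm-SecureBootUEFI -ErrorAction Stop)
        $secureBootCapable = $true
    } catch [System.PlatformNotSupportedException] {
        $secureBootOn = $false
        $secureBootCapable = $false
    }

    # Installed RAM: sum the module capacities, because TotalPhysicalMemory excludes
    # firmware-reserved memory and can read just under 4 GB on a 4 GB machine.
    $ramBytes = (Get-CimInstance Win32_PhysicalMemory | Measure-Object Capacity -Sum).Sum

    # Physical disk that holds the system drive (usually C:).
    $disk = Get-Partition -DriveLetter ($env:SystemDrive[0]) | Get-Disk
    $cpu  = Get-CimInstance Win32_Processor | Select-Object -First 1

    $rows = @(
        @('TPM 2.0', ($tpmVersion -eq '2.0'), "spec version: $tpmVersion"),
        @('UEFI with Secure Boot capability', $secureBootCapable, "supported: $secureBootCapable"),
        @('Secure Boot enabled', $secureBootOn, "enabled: $secureBootOn"),
        @('RAM >= 4 GB', ($ramBytes -ge 4GB), ('{0:N1} GB' -f ($ramBytes / 1GB))),
        # Assumption: 64 GB compared in decimal bytes, as drive capacities are labelled.
        @('Storage >= 64 GB', ($disk.Size -ge 64e9), ('{0:N0} GB' -f ($disk.Size / 1e9))),
        @('CPU >= 2 cores, >= 1 GHz',
          ($cpu.NumberOfCores -ge 2 -and $cpu.MaxClockSpeed -ge 1000),
          ('{0} cores @ {1} MHz ({2})' -f $cpu.NumberOfCores, $cpu.MaxClockSpeed, $cpu.Name.Trim()))
    )
    foreach ($r in $rows) {
        [pscustomobject]@{ Requirement = $r[0]; Met = $r[1]; Detected = $r[2] }
    }
}

Test-Win11Baseline | Format-Table -AutoSize
```

A `none` TPM result or a failed Secure Boot row usually points to the firmware settings described above rather than to missing hardware; the reported CPU name still has to be compared against Microsoft's approved list by hand.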

Official upgrade paths to Windows 11 (all free)

For eligible devices, Microsoft offers three supported methods to move from Windows 10 to Windows 11 while preserving apps, files, and settings:

  • Windows Update (in-place upgrade): The simplest route. The upgrade appears inside Windows Update when the device is ready. It downloads and installs Windows 11 just like a monthly patch.
  • Windows 11 Installation Assistant: A dedicated tool downloadable from Microsoft's Windows 11 download page. It walks through the upgrade step-by-step, useful if Windows Update hasn't offered the new OS yet.
  • Media Creation Tool / ISO: Download the tool from Microsoft to create a bootable USB drive or save an ISO file. This method works for both clean installs and upgrades that keep existing data.

Recommended pre-upgrade checklist:

  • Back up everything: full disk image to an external drive plus cloud sync (OneDrive or equivalent).
  • Update Windows 10 to the latest build (22H2 or later) and install all pending driver updates.
  • Run PC Health Check and enable TPM/Secure Boot if flagged.
  • Choose the upgrade method: Windows Update for a hands-off approach, Installation Assistant for more control, or Media Creation Tool for a clean start.

What to do when your PC fails the compatibility check

If PC Health Check reports an incompatible CPU or missing TPM 2.0 after enabling all BIOS options, you face a fork in the road.

Short-term fixes that often work

  • Enable fTPM/PTT and Secure Boot in UEFI/BIOS, then re-test.
  • Update the system BIOS/firmware; some motherboard vendors added TPM support or corrected reporting errors after shipping.
  • Double-check Microsoft's CPU compatibility list—a handful of originally unsupported processors were added later after validation.

If none of that works, the official options are:

  • Buy a new Windows 11-capable PC. Many retail machines now ship with Windows 11 preinstalled, and trade-in programs can offset costs.
  • Upgrade key components (CPU, motherboard) on desktops where it's cost-effective.
  • Enroll in the consumer ESU program to receive security updates for one more year while planning a hardware transition.

A word on unofficial workarounds: Third-party tools and modified install images can bypass the hardware checks and install Windows 11 on unsupported PCs. These systems will run, but they are not entitled to official support or guaranteed updates. Microsoft may withhold security patches, and driver stability is hit-or-miss. For security-conscious users, this gambit is not worth the risk.

Extended Security Updates (ESU): buying time

Microsoft's consumer ESU program grants a single year of critical and important security updates after October 14, 2025, ending on October 13, 2026. Enrollment is offered through an in-OS flow that may involve:

  • Redeeming Microsoft Rewards points.
  • Paying a modest fee (the exact price and availability vary by region).
  • Other pathways outlined during the enrollment process.

ESU is strictly a temporary bridge. It buys time to replace hardware or complete a migration, but after October 2026, unprotected Windows 10 machines become a growing liability. Enterprises have parallel ESU offerings under separate licensing terms; the consumer program is aimed at individuals and very small businesses.

Risks and pitfalls to watch

  • Data loss: Upgrades usually preserve personal files, but an image backup is mandatory. Hardware failures mid-upgrade can nuke a partition.
  • Driver regressions: Older devices, especially those upgraded via workarounds, may lack Windows 11 drivers. OEMs prioritize newer models.
  • Activation headaches: A valid Windows 10 digital license should carry over, but if activation fails, Microsoft support can usually revalidate the hardware-bound license.
  • App compatibility: Niche or legacy software may need updates or replacements. Test business-critical apps in a Windows 11 virtual machine before committing.
  • Privacy changes: Windows 11 nudges users toward a Microsoft account and cloud services; review the onboarding settings carefully.

Quick decision guide

  1. Your PC is eligible and you use it for everyday tasks: Back up, enable TPM/Secure Boot if needed, and upgrade via Windows Update or Installation Assistant. This preserves everything and restores official support.
  2. Your PC is not eligible but works fine for your needs: Enroll in ESU immediately to cover the short term, and plan hardware replacement within 12 months. Do not rely on unofficial patches.
  3. You run business-critical or regulated workloads: Stage a test migration, confirm ISV support, and schedule a controlled rollout with rollback images. Treat October 14, 2025 as a hard compliance deadline.

Final takeaway

Windows 10's retirement is not a gradual fade-out; it's a cliff. On October 14, 2025, the updates stop. For the majority of users, the best play is a straightforward, supported upgrade to Windows 11—free, fast, and safe. The tools are mature, the ecosystem is ready, and the process mostly preserves existing setups. If your hardware can't make the jump, ESU buys a short, fixed window of protection while you arrange a permanent solution. The clock is real. Run PC Health Check today, back up your data, and move to Windows 11 while every security patch still flows.