Windows 10 Support Ends in October 2025: Your Upgrade, ESU, and Migration Options

On October 14, 2025, Microsoft will pull the plug on free security updates for Windows 10 Home and Pro. If your PC still runs the decade-old operating system, every day after that cutoff will leave it more vulnerable to newly discovered exploits. No patches, no fixes, no monthly safety net — unless you take action.

Roughly 60% of all Windows PCs still ran Windows 10 as of early 2025, according to Statcounter. That’s hundreds of millions of machines facing a deadline that arrives whether the hardware is ready or not. Some of those PCs can step up to Windows 11 with little friction. Many cannot, blocked by strict hardware requirements like TPM 2.0 and an 8th-gen Intel or Ryzen 2000 processor (or newer). For everyone else, the path forward splits into three rough lanes: pay Microsoft for extended security patches, bypass the official requirements and run Windows 11 unsupported, or leave Windows entirely.

What Actually Happens on October 14, 2025?

Windows 10 won’t suddenly stop working. Applications will still launch, drivers will still function, and the desktop will still appear. But the steady stream of Patch Tuesday updates that have kept the OS fortified against malware, ransomware, and zero-day exploits will dry up. Microsoft’s Security Response Center (MSRC) will stop publishing CVEs for Windows 10 unless the vulnerability is critical and affects Windows 11 as well, and even then there’s no guarantee a fix will be backported.

Without patches, every new vulnerability discovered in the shared Windows codebase becomes a permanent open door on Windows 10 machines. Threat actors reverse-engineer fixes released for Windows 11 and use them to find unfixed holes in older versions. The WannaCry outbreak of 2017, which crippled hundreds of thousands of unpatched Windows 7 systems, shows how quickly attackers move once a support cliff arrives.

Microsoft Defender will continue receiving antivirus definition updates for Windows 10 for the time being, but that only addresses known malware signatures — not the underlying OS flaws that attacks exploit to gain a foothold. Businesses subject to compliance mandates like HIPAA or PCI-DSS will lose their audit seal the moment the OS goes out of support, regardless of any third-party security tools installed.

Who Qualifies for the Free Windows 11 Upgrade?

Millions of Windows 10 PCs can upgrade to Windows 11 at no cost, provided the hardware meets Microsoft’s minimum specs:

• Processor: 1 GHz or faster with 2 or more cores on a compatible 64-bit CPU (Intel 8th gen, AMD Ryzen 2000, or Qualcomm Snapdragon 850/7c and newer)
• RAM: 4 GB
• Storage: 64 GB or larger
• TPM: Trusted Platform Module (TPM) version 2.0
• Graphics: DirectX 12 compatible with WDDM 2.x driver
• Display: >9-inch with HD Resolution (720p)
• UEFI: UEFI, Secure Boot capable firmware

Microsoft offers a PC Health Check tool that diagnoses whether a machine qualifies. But the stickiest requirement is TPM 2.0. Many capable desktop motherboards shipped with TPM 1.2 or left the header empty; adding a TPM 2.0 module can cost $20–$30 and requires a trip inside the case. Laptops without a discrete TPM chip are simply locked out unless the firmware emulates it via Intel PTT or AMD fTPM, which most 8th-gen and newer systems do.

For machines that meet the spec, upgrading is straightforward: run Windows Update or use the Installation Assistant. Apps, settings, and personal files migrate automatically, though there’s always a chance of driver hiccups, especially with older peripherals. It’s wise to run a full backup before accepting the upgrade.

Windows 11 24H2: What You Get

The current version, Windows 11 24H2, introduces several improvements that make the jump more attractive than the original 21H2 release. It finally adds native support for Wi-Fi 7, USB 80Gbps (USB4 2.0), and an updated Copilot+ AI experience on Snapdragon X-powered PCs. The Snipping Tool can now extract text from images, Narrator uses more natural voices, and the Taskbar has a refined system tray with drag-and-drop rearrangement.

Performance sees subtle gains too. The 24H2 kernel includes optimizations for hybrid CPU architectures like Intel’s P-core/E-core layouts, trimming process launch times and background thread scheduling. File Explorer loads network shares faster, and the Quick Settings panel appears instantly instead of after a half-beat delay. Battery life improvements come from a new Energy Safer mode tied to the carbon-aware Windows Update scheduler.

If your hardware supports it, Windows 11 24H2 is the logical upgrade path. But “if” is the operative word for many users.

The Hardware Gap: Why So Many PCs Can’t Upgrade

Microsoft’s decision to draw a hard line at 8th-gen Intel and Ryzen 2000 CPUs locked out an enormous install base. Intel 7th-gen and many AMD Ryzen 1000 systems — sold as late as 2018 — have the horsepower to run Windows 11 but lack the official blessing. These PCs would otherwise remain viable for years of web browsing, office productivity, and even light gaming. The TPM 2.0 requirement compounds the problem, as many DIY desktops from that era ship with TPM 1.2 or no TPM at all.

A healthy ecosystem of workarounds has sprung up to bypass these checks. Microsoft’s own registry key (AllowUpgradesWithUnsupportedTPMOrCPU) or tools like Rufus can strip the hardware validation routines from a Windows 11 ISO, allowing installation on almost any 64-bit PC. This route works — sometimes. Microsoft warns that unsupported hardware may not receive future updates, including security patches, and the company has occasionally tightened the enforcement without warning. An update could potentially break a bypassed system or leave it sidelined from cumulative updates.

Running Windows 11 on officially incompatible hardware is a gamble. For an enthusiast with time to troubleshoot, it’s often manageable. For a small business or a non-technical user, it’s a recipe for sudden downtime.

Extended Security Updates (ESU): Staying on Windows 10 — For a Price

Microsoft first introduced the ESU program for Windows 7, then extended it to Windows 10. For consumers, the offering is simple: pay $30 per device for one year of critical and important security patches. That single-year option is deliberately stop-gap. Organizations can purchase up to three years of additional coverage, with prices escalating annually: $61 per device for year one, $122 for year two, and $244 for year three (both figures are for the enterprise; schools get a steep discount).

These updates are not cumulative feature releases. They contain only security fixes rated “critical” or “important.” No new functionality, no support for emerging hardware, no driver enhancements. After the first year, even that minimal protection costs more than a new Windows 11 license for a business, making ESU a bridge rather than a destination.

For a home user, $30 buys 12 months to secure a replacement PC or explore alternatives. For a business with hundreds of aging workstations, ESU is a budget line item that grows painful after year one, pushing decision-makers toward hardware refresh cycles.

Abandoning Windows: Alternative OS Options

If Windows 11 isn’t an option and paying Microsoft for patches feels like rewarding a broken upgrade promise, the nuclear option is switching operating systems entirely. Linux distributions have come a long way in user-friendliness, and ChromeOS Flex can turn an old laptop into a cloud-first thin client. Each path has trade-offs.

Linux Mint and Ubuntu

Linux Mint 22 “Wilma,” based on Ubuntu 24.04 LTS, is the go-to recommendation for Windows refugees. Its Cinnamon desktop mimics the Windows layout: a taskbar, system tray, and Start-menu-like launcher. It runs well on hardware as old as Intel 4th-gen Core chips with 4 GB of RAM and an SSD. Snap Store integration provides access to thousands of applications, and Flatpak compatibility fills in the gaps. Most everyday tasks — web browsing, email, document editing — work with open-source equivalents like Firefox, Thunderbird, and LibreOffice.

What you lose: Adobe Creative Cloud, Microsoft Office desktop (the web version runs fine), most AAA games (Valve’s Proton handles a growing library, but anti-cheat tools still exclude many titles), and certain peripherals with Windows-only drivers. Printing and scanning sometimes require manual driver hunts. For the determined, it’s a weekend project that breathes new life into old metal. For someone who just wants things to work, the learning curve may be steeper than expected.

ChromeOS Flex

Google’s ChromeOS Flex is a lightweight, security-hardened OS built on the same Gentoo Linux base as Chromebooks. It’s designed expressly for repurposing old PCs and Macs. Installation is a breeze: create a USB drive with the Chrome extension, boot from it, and the installer does the rest. The result is a locked-down interface that runs the Chrome browser and Progressive Web Apps (PWAs). Android app support is absent, limiting some flexibility, but if everything you do happens in a browser, Flex is fast, self-updating, and virtually immune to traditional Windows malware.

The downside is the absence of native desktop apps. No Steam, no Adobe suite, no traditional development environments (though Linux containers are available in the developer settings on some hardware). Video conferencing via Zoom or Teams works through PWAs but can feel clunky compared to native clients. Hardware certification is another gotcha — Flex officially supports a curated list of models, and while it often works on unlisted hardware, audio, Wi-Fi, or trackpad issues are common.

Cloud-Ready Tablets and Thin Clients

For users whose computing is entirely online, a tablet with a keyboard folio can replace a desktop entirely. iPads and high-end Android tablets run full-featured browsers and productivity suites. The transition is jarring for those accustomed to a file manager and overlapping windows, but the simplicity and security appeal to a growing segment. Samsung DeX and iPadOS’s Stage Manager push tablets closer to desktop behavior, though neither offers the raw flexibility of a traditional OS.

New Hardware: When It’s Time to Buy

For many, the October deadline simply accelerates an overdue hardware refresh. A modern mini-PC with Windows 11 can be had for under $300, and all-in-one desktops from Dell, HP, and Lenovo start around $400. Laptops with 12th-gen Intel or Ryzen 6000 processors frequently dip below $500 during sales events. Even a budget machine will feel dramatically faster than a 2017-vintage desktop, thanks to NVMe SSDs and DDR5 memory.

Those willing to spend a bit more can future-proof with a Copilot+ PC. These devices pack an NPU (neural processing unit) capable of 40+ trillion operations per second, enabling on-device AI features like live caption translations, Windows Studio effects during video calls, and the controversial Recall timeline that Microsoft has repeatedly delayed and reworked over privacy concerns. At launch, Copilot+ PCs required a Snapdragon X chip, but Intel Lunar Lake and AMD Strix Point laptops will bring the NPU capability to x86 territory later in 2025, giving users a choice of architecture.

The Business Calculus

Enterprise customers face a messier timeline. Windows 10 Enterprise and Education editions follow a different lifecycle, often extending until 2026 or later depending on the LTSC (Long-Term Servicing Channel) branch. But even there, the writing is on the wall. Microsoft’s Copilot integration, security advances like Pluton processors, and Windows Update for Business deployment rings are all built around Windows 11. Clinging to Windows 10 risks missing out on these platform-level improvements, plus any security mitigations that rely on the newer kernel.

Managed IT providers report a steady uptick in migration projects throughout early 2025, with many businesses finally tackling the inventory of incompatible hardware they deferred during the pandemic. The rise of Windows 365 Cloud PCs offers a third path: stream a fully patched Windows 11 desktop from Microsoft’s cloud to any device, including an aging Windows 10 PC, turning it into a thin client. Monthly per-user pricing starts at around $31 for a basic configuration, making it a viable stopgap for companies that can’t refresh hardware in time.

The Risks of Doing Nothing

“I’ll just keep using it” is the most common — and most dangerous — coping strategy. Unsupported Windows versions inevitably become a playground for crimeware. The EternalBlue exploit that powered WannaCry was patched months before the outbreak, but the attack still succeeded because millions of machines missed the update. On Windows 10 post-October 2025, there won’t be any patches to miss. Every exploit becomes a zero-day that never gets a fix.

Banking trojans, credential stealers, and ransomware gangs will begin actively targeting Windows 10 as the population of defendable targets shrinks. Browsers and third-party apps will eventually drop support too, compounding the risk. Google Chrome, for instance, typically cuts off unsupported OS versions within a year or two after end-of-life, leaving users without a secure web browser.

Making the Decision: A Framework

Every user’s situation is unique, but a simple matrix can guide the choice:

No single answer works for everyone, but the clock is ticking. Waiting until October 14, 2025 to decide will leave you scrambling with zero days of margin. Start the PC Health Check today, and if your system fails, pick your escape hatch now — before the rush.