Microsoft will stop issuing security updates for Windows 10 on October 14, 2025. With nearly half of all Windows PCs still running the old operating system, millions of users face a ticking clock. After that date, any new vulnerability in Windows 10 becomes a permanent open door, unless you take action.

That action can take a few forms: upgrade to Windows 11 for free, pay Microsoft for a lifeline called Extended Security Updates, or shift to a new device or different platform. Each path carries its own costs, timelines, and risks. Here is what you need to know—and do—before the deadline.

The Hard Deadline: What Actually Ends on October 14

October 14, 2025 marks the end of mainstream servicing for Windows 10 version 22H2, the final feature release of the operating system. After that date, Microsoft will no longer deliver routine security patches or quality fixes to devices running Windows 10—unless you purchase Extended Security Updates (ESU).

It’s crucial to understand what stops and what doesn’t. Microsoft 365 applications like Word and Outlook will continue to receive updates on Windows 10 for a period, under a separate servicing timeline. But that application-level protection does nothing to close a gap in the Windows kernel, a driver, or a system service. As Microsoft’s own lifecycle policy states, once OS-level support lapses, the attack surface for those core components widens permanently.

For the first time, Microsoft is offering ESU to individual consumers—not just businesses. Home users can buy a one-year extension of critical security updates for $30. Enterprise customers get a three-year option, with per-device costs that rise steeply each year to push organizations toward a full migration. Microsoft has not publicly listed consumer pricing beyond the first year, but the company stresses that ESU is a temporary bridge, not a permanent solution.

What Happens If You Stay on Windows 10

Without patches, every new flaw discovered in Windows 10 becomes a weapon for attackers. History shows that unsupported operating systems are prime targets. When Windows 7 reached end of life in 2020, threat actors actively exploited the unpatched machines, often within weeks. Ransomware gangs and botnet operators famously scan for end-of-life systems because they know no fixes are coming.

For everyday users, the risk might start with a phishing email that leverages a known browser or network vulnerability. For businesses, especially those handling regulated data, the stakes are higher. Auditors and cyber-insurance underwriters routinely flag unsupported software as a critical control failure. A single unremediated device can trigger compliance violations under frameworks like PCI DSS, HIPAA, or GDPR, potentially leading to fines or loss of client contracts.

A common misconception is that third-party antivirus software will protect you. While such tools help, they cannot patch the underlying operating system. A flaw in the way Windows handles fonts, manages memory, or processes network packets can allow an attacker to bypass security products entirely.

Your Options: Upgrade, Pay, or Switch

For most people using Windows 10, three practical paths exist. A fourth, more radical route—moving to an entirely different ecosystem—may appeal to some.

Option 1: Free Upgrade to Windows 11

If your PC meets the hardware requirements, upgrading to Windows 11 is the simplest and cheapest move. Microsoft still offers the upgrade at no cost for eligible devices. You need:

  • A compatible 64-bit processor (Intel 8th Gen or later, AMD Ryzen 2000 or later)
  • TPM 2.0
  • UEFI Secure Boot capable
  • 4 GB of RAM and 64 GB of storage

Run Microsoft’s PC Health Check tool to see if your current machine qualifies. Many older PCs fail solely because of the TPM requirement, even if they perform well. For these, a manual upgrade via registry hacks is technically possible but unsupported and risky—future updates could break such installations, and you won’t receive security updates reliably.

If your hardware passes, the in-place upgrade preserves your files and most applications. Expect the process to take an hour or two, depending on your system speed. As with any major OS change, back up your data first.

Option 2: Pay for Extended Security Updates

Microsoft’s ESU program now comes in two flavors:

  • Consumer ESU: One year of security updates for $30. This program covers only “critical” and “important” vulnerabilities as rated by Microsoft. It does not include new features, bug fixes, or technical support. You must enroll before the deadline, though Microsoft has not yet detailed the exact purchase mechanism. Enrollment is expected to open closer to October.
  • Enterprise ESU: Available for organizations with volume licensing. Year 1 costs roughly $61 per device, doubling in Year 2 and doubling again in Year 3. For a company with 10,000 seats, the cumulative tab can quickly reach millions of dollars. ESU is designed to make procrastination expensive.

ESU is a stopgap. Use it only for devices you cannot migrate in time, and set a firm sunset date for each one.

Option 3: Buy a New Windows 11 PC

If your current hardware is ineligible, and you want full support, purchasing a new Windows 11 machine is the cleanest path. Budget laptops and desktops can be found for under $500, and they come with the latest hardware security features—including TPM 2.0, virtualization-based security, and secure boot enabled by default. These modern protections significantly reduce exploit vectors.

For businesses handling large fleets, procurement can be a bottleneck. Supply chain constraints reported in some regions may lengthen lead times, so ordering early is critical. Companies serving regulated industries like healthcare or finance should consider rental or refurbished units from specialized vendors to bridge any gap. According to a report by Outsource Accelerator, many business process outsourcing firms are turning to rental fleets to meet client compliance deadlines without massive upfront capital expenditure.

Option 4: Switch Operating Systems or Go Cloud

For the adventurous, Linux distributions like Ubuntu or Linux Mint offer a free, secure alternative on older hardware. However, this means leaving the Windows ecosystem behind—your Windows applications may not run, and the learning curve can be steep.

Businesses can also move sensitive workloads to a cloud desktop service like Windows 365 or Azure Virtual Desktop. The cloud PCs run a fully up‑to‑date Windows 11 image, so even an old local endpoint becomes just a thin client. This approach reduces the number of physical machines requiring immediate replacement and isolates regulated data in a patched environment.

Planning Your Migration: Timelines and Tools

For a single home PC, the upgrade decision can be made in an afternoon. For an organization with thousands of devices, the timeline stretches to months. Industry guidance cited by Outsource Accelerator suggests a full Windows 11 migration can take up to 14 months from planning to completion. That means if you start now, you’re already cutting it close.

For Home Users

  • Run the PC Health Check app to determine eligibility.
  • If eligible, decide between an in-place upgrade or a clean install. A clean install gives a fresh start but requires reinstalling applications and restoring backed-up data.
  • Plan a weekend for the upgrade. Disconnect non-essential peripherals, ensure you have your Microsoft account credentials handy, and temporarily disable any third-party antivirus.
  • If ineligible, sign up for the consumer ESU as soon as Microsoft opens enrollment. Keep an eye on your Windows Update settings for a notification.

For IT Administrators

  • Inventory immediately. Use a tool like Microsoft Endpoint Configuration Manager or a third‑party asset management solution to audit every device. Tag each by model, TPM version, CPU generation, and business criticality.
  • Prioritize risk. Customer-facing systems, those holding sensitive data, and any meeting compliance requirements should migrate first.
  • Run pilots. Test Windows 11 on a representative sample of your hardware and line-of-business applications. Validate printers, scanners, and any custom software. Document rollback procedures.
  • Segment and protect laggards. For devices that must remain on Windows 10 temporarily, strengthen network segmentation and endpoint detection and response (EDR) policies. Log everything for auditors.
  • Communicate. Notify clients, insurers, and internal stakeholders of the migration plan and any compensating controls. Transparency can prevent contractual disputes.

The Hidden Costs of Waiting

Delaying action is not free. For enterprises, the escalating cost of ESU is just the most visible expense. Others include:

  • Compliance gaps: Regulators may treat even a single unpatched machine as a violation, triggering fines or mandatory reporting.
  • Cyber-insurance hurdles: Many insurers now require proof that all endpoints run a supported OS. A lapse in coverage could leave you fully exposed.
  • Lost productivity: A security incident that spreads through an unprotected fleet can shut down operations for days.

Conversely, proactive organizations can turn the deadline into an advantage. Early bulk purchases of new hardware often yield better pricing. Modernizing to Windows 11 also unlocks hardware-backed security features that can reduce long-term risk and possibly lower insurance premiums.

What to Do Right Now: A 30-Day Action Plan

If You’re a Home User

  1. Check compatibility: Download and run the PC Health Check app this week.
  2. Back up your files: Use an external drive or a cloud service like OneDrive to ensure your data is safe before any major change.
  3. Make a decision tree: If compatible, schedule the upgrade for a weekend. If not, plan to purchase the $30 ESU or buy a new PC. Mark your calendar with the chosen action date.
  4. Secure your online accounts: Enable two-factor authentication on your email and other critical services. A compromised OS makes it easier for attackers to steal credentials.

If You’re an IT Administrator

  1. Week 1: Run a forced inventory scan across all sites. Identify Windows 11‑eligible devices and flag those that require ESU or replacement.
  2. Week 2–3: Order sample new hardware and begin pilot testing with your top five critical applications.
  3. Week 4: Lock in procurement for any device replacements, negotiate ESU licenses only for the unmigratable cohort, and draw up a communication draft for clients and auditors.
  4. Month 2: Start phased rollouts, beginning with the highest-risk systems. Expand helpdesk capacity and prepare user guides.

What’s Next

Microsoft has made its intentions clear: Windows 11 is the present and future. The company has already begun previewing features that will never come to Windows 10, and the AI‑powered Copilot+ PCs require Windows 11. While Windows 10 won’t suddenly stop working on October 14, using it will become a gamble with increasing stakes.

For businesses, the end of Windows 10 is more than an IT project; it’s a test of operational discipline. Clients and partners will watch how you handle it. For individuals, it’s a chance to upgrade your digital security posture with a few hours of focused effort.

The clock is ticking. Whether you choose to upgrade, pay, or replace, the smartest move is to do it on your own terms—before October 14 forces your hand.