On October 14, 2025, Microsoft will permanently stop shipping security patches for Windows 10. For the hundreds of millions of PCs still running the operating system—many of which cannot upgrade to Windows 11—the deadline forces a stark choice: abandon a perfectly functional machine, pay for short-term protection, or embrace creative workarounds that carry real risk. The picture, however, is not uniformly grim. A handful of well-documented paths exist, each balancing cost, convenience, and long-term safety in different ways. This guide unpacks the technical facts, official policies, and community-tested workarounds that will determine what happens to your device after Microsoft’s clock runs out.
The pre-October checklist: three moves to make immediately
Before sorting through upgrade paths, take three actions that will protect your data and give you a recovery lifeline no matter which direction you choose. First, create a full system image backup combined with a separate copy of all user files. Store one local copy on an external drive and another in a cloud service. Microsoft’s own Windows Backup utility is an adequate starting point for file-level copies, but a dedicated imaging tool like Macrium Reflect is safer for a complete snapshot. Second, download the official Windows 10 22H2 ISO using the Media Creation Tool, and store it alongside its SHA-256 checksum. A bootable USB created with that same tool is equally valuable. Third, run the PC Health Check app on every device you intend to keep. The utility will pinpoint exactly which requirement—TPM 2.0, Secure Boot, CPU generation, RAM, or storage—is blocking a Windows 11 upgrade. Without this data, you are navigating blind. Completing these three steps takes under an hour and costs nothing, yet it prevents a catastrophic scramble when the support clock stops.
Option 1: Upgrade to Windows 11 (the supported route)
Devices that pass Microsoft’s strict hardware bar enjoy the smoothest transition. The official minimum specifications have not budged: a compatible 64-bit processor on the company’s approved list, at least 1 GHz with two or more cores, 4 GB of RAM, 64 GB of storage, UEFI firmware with Secure Boot capability, and TPM 2.0. PC Health Check confirms eligibility instantly. For those machines, upgrading remains free and restores full access to security updates, quality fixes, and feature releases.
The procedure is straightforward: update the current Windows 10 installation to version 22H2, ensure all pending updates are applied, then trigger the upgrade through Windows Update or the Installation Assistant. A clean install using the Windows 11 ISO is possible for users who prefer a blank slate. Whichever path you take, the result is a fully supported, modern operating system with hardware-backed protections such as virtualization-based security and hypervisor-protected code integrity.
The catch is obvious. Millions of fully functional PCs—often just a few years old—fail one or more of the requirements. Owners of those machines must either bypass the barriers or look elsewhere.
Force-upgrading to Windows 11: why bypass tools are a last resort
A cottage industry of third-party utilities has emerged to skirt Microsoft’s hardware checks. Flyby11, documented prominently in community forums and on GitHub, exploits a difference in how the Windows Server setup engine handles compatibility checks. Because Server variants do not enforce the same TPM, Secure Boot, or CPU whitelist as consumer editions, the tool effectively tricks the installer into proceeding on unsupported hardware. Rufus can accomplish similar results by patching the installation media.
These methods work today, and users report systems that boot and run normally afterward. The long-term consequences, however, are severe and poorly understood by casual adopters. Microsoft’s official position is unambiguous: devices installed in this state may be denied future security and feature updates. The company’s history with unsupported configurations suggests it can and will revoke update access selectively, leaving the machine not merely unsupported but potentially unpatched against emerging exploits. Moreover, each major Windows 11 feature update typically requires a fresh bypass—often a clean installation—breaking any expectation of seamless maintenance. Driver support on older hardware can be erratic, and some security features may not function at all.
Forced upgrades are therefore an interim bridge at best. They offer a way to test Windows 11 on a marginal device before committing to new hardware, but they are not a sustainable long-term strategy. Treat them as a short-term experiment, back up relentlessly, and have a fallback plan ready.
Option 2: Microsoft’s Extended Security Updates (ESU) program—$30 buys one year
For users who cannot or will not leave Windows 10 behind, Microsoft has created a consumer ESU program that mirrors the enterprise offering but at a dramatically lower price point. The deal is simple: pay $30 per device, and receive critical and important security patches through October 13, 2026. No new features are included, and general technical support ends with the October 2025 deadline.
Enrollment opened gradually in late 2024 and early 2025 through the Windows Update settings page. Three methods exist: link a Microsoft account and enable Windows Backup (free), redeem 1,000 Microsoft Rewards points (effectively free for active Rewards users), or purchase the license outright for $30 plus tax. Each license covers up to ten devices associated with the same Microsoft account. Organizations must use a different, volume-licensed path with per-device fees that escalate each year—typically doubling annually.
The ESU program is intended as a temporary bridge, a characterization Microsoft emphasizes repeatedly in its IT Pro documentation. Once the twelve months expire, there is no guarantee of further extension for consumers. Enterprise pricing patterns suggest that any second year for individuals would be significantly more expensive, though no official announcement has been made. Until then, ESU is the safest short-term option for devices that will be retired or replaced within a year. Enroll early to avoid a gap in coverage; the free path via Windows Backup is the most painless method.
Option 3: Buy new hardware
The bluntest solution is also the most definitive. Purchasing a modern laptop or desktop eliminates every compatibility concern at once. Current-generation machines ship with TPM 2.0, UEFI Secure Boot, and CPUs validated for Windows 11, and they often bring additional benefits: better battery life, faster storage, higher-resolution displays, and modern connectivity. For users whose workloads demand reliability and whose time is valuable, the premium is easily justified.
The environmental and financial costs are real, however. Disposing of a working machine contributes to e-waste, and the budget outlay can be steep. A phased approach—replacing the most critical systems first, then cycling through auxiliary devices—spreads the impact. Before purchasing, verify compatibility for any specialized hardware (scanners, label printers, legacy peripherals) that Windows 11 might not support natively. For the majority of consumers, a new device is a one-time fix that re-establishes a multi-year support horizon.
Option 4: LTSC editions—long-term servicing for power users and enterprises
Windows 10 Enterprise LTSC 2021 and Windows 10 IoT Enterprise LTSC 2021 were designed for systems that require minimal change: ATMs, medical devices, industrial controllers. Their lifecycle timelines reflect that specialized role. Enterprise LTSC 2021 receives mainstream support until January 12, 2027. The IoT edition extends that to January 13, 2032. Neither edition receives feature updates, only security fixes, which makes them ideal for environments where stability trumps novelty.
LTSC is not a consumer product. Licensing typically runs through Volume Licensing agreements, and Microsoft does not sell individual LTSC licenses through retail channels. Third-party key sellers offering “cheap LTSC keys” operate in a gray area that may violate licensing terms and leave buyers without recourse. Even legally obtained copies omit many consumer-oriented features: the Microsoft Store is absent, Cortana is stripped out, and some apps that rely on store components may fail to install. For a home user, the friction is significant. For a small business with a handful of legacy systems, however, LTSC can be a legitimate—if administratively complex—way to stretch Windows 10’s lifespan until a replacement plan is funded and executed.
Option 5: Archive the Windows 10 ISO while you can
One low-effort action protects you regardless of which survival route you take: grab the official Windows 10 22H2 installation image now. Microsoft has made no promise to keep the download available indefinitely after October 2025. Historical precedent suggests that older ISOs are sometimes moved behind paywalls or removed entirely, leaving users to rely on third-party mirrors of unknown integrity.
Using the Media Creation Tool, select “Create installation media” and save the ISO file. After download is complete, right-click the file in File Explorer, copy its path, and run Get-FileHash -Path <path> -Algorithm SHA256 in PowerShell. Record the hash in a text file stored alongside the ISO. If you ever need to verify the image after months or years of storage, this checksum will confirm it has not been corrupted. Optionally, create a bootable USB with the tool and label it clearly. This archive is your safety net for clean reinstalls, repairs, or rollbacks.
Option 6: Alternatives beyond Microsoft’s ecosystem
Leaving Windows entirely is a viable, zero-cost strategy for users whose computing needs center on web browsing, email, office productivity, and media consumption. Modern desktop Linux distributions—Ubuntu, Linux Mint, Fedora—run comfortably on older hardware, provide years of updates, and offer familiar desktop environments. ChromeOS Flex, Google’s lightweight operating system, turns aging PCs into Chromebook-like devices suitable for web-centric tasks. Both paths require careful evaluation of software compatibility: Microsoft Office must be replaced by LibreOffice or web-based alternatives, and specialized Windows-only applications may have no equivalent.
Windows 365 Cloud PC offers a different model: rent a Windows 11 virtual machine hosted in Microsoft’s data centers, then access it from any device with an internet connection. The local machine becomes a thin client, offloading all security and update responsibilities to the cloud provider. Monthly per-user pricing starts at $31 and scales with configuration. This option appeals to businesses that want centralized management and to individuals who value leaving their old hardware in place, but the recurring cost quickly exceeds a hardware upgrade over time.
A third-party micropatching service, 0patch, has publicly committed to providing security fixes for Windows 10 after Microsoft’s cutoff. The company’s approach injects tiny, targeted patches directly into memory without modifying system files, sidestepping the need for full OS updates. Organizations in regulated industries sometimes employ 0patch as a compliance stopgap when they cannot immediately migrate. The service is not free—pricing varies based on device count—and it does not replace full vendor support, but it is a credible, commercially supported alternative for users willing to accept an operational model that differs from Microsoft’s own.
Risk analysis and practical recommendations
The safest paths are the ones that retain a direct line to official patches. Upgrading to Windows 11 on an eligible device and enrolling in consumer ESU for a year on a non-upgradeable device both keep the security pipeline open. Forcing a Windows 11 install on unsupported hardware, by contrast, introduces moving targets: update blocks, driver instability, and potential exclusion from future patches. LTSC offers long-term stability but requires enterprise licensing knowledge. Linux and cloud PCs demand adaption to new workflows.
Casual home users with eligible hardware should simply upgrade. Those with unsupported but adequate machines should enroll in the free ESU path immediately while budgeting for a hardware refresh before October 2026. Small businesses with legacy endpoints should combine ESU or 0patch with a phased hardware replacement plan, documenting compliance implications carefully. Industrial or embedded device operators should engage their Microsoft partner about IoT Enterprise LTSC, which aligns with multi-year device lifecycles.
Bypass tools are a tactical, not strategic, choice. They can keep a secondary machine running for testing or temporary use, but they should never anchor a daily-driver workstation where data sensitivity or regulatory obligations are at stake. The risk of waking up to a blocked, unpatched system is real.
Preparation, not panic
October 14, 2025, is a hard date, but it does not render Windows 10 PCs inoperable overnight. The difference is that every subsequent vulnerability discovery will leave those machines exposed unless a deliberate protective measure is in place. The steps outlined above—backup, eligibility check, ISO archiving, and a clear choice among the upgrade, ESU, or alternative paths—can be completed well before the deadline. Microsoft’s calendar is firm, but your response is entirely under your control. The clock is running: gather your information, test your options, and secure your digital life before the support valve closes for good.