ZDNET’s key takeaways
- Millions of computers globally are still running Windows 10.
- Attackers are ready, willing, and able to exploit unpatched PCs.
- Signing up for extended security updates is a crucial step.
Hundreds of millions of computers worldwide are still running Windows 10, months after the one-time king of PC operating systems officially passed its end-of-support deadline.
If you’re responsible for one of those machines and you aren’t ready to upgrade to Windows 11, you can sign up today for an Extended Security Updates (ESU) subscription — consumers can get those updates free through October 2026, as I explain here: How to get free Windows 10 security patches on your PC – from now to October 2026.
Don’t delay, though. History says attackers are ready, willing, and able to exploit unpatched PCs, and the results can be catastrophic. How bad? Let’s hop in the Wayback Machine and see what happened the last time a hugely popular Windows version reached its end-of-support date.
What happened after Windows 7
For Windows 7, that date was January 14, 2020. That’s when consumers and small businesses stopped receiving security updates. Microsoft offered an Extended Security Updates program for business customers, but those subscriptions were expensive, and I discovered that finding someone who would sell you the updates was a challenge.
The result? At the start of 2021, a year after Windows 7 support ended, I estimated that at least 100 million PCs were still running that out-of-date OS.
The results were depressingly predictable. Groups around the world that specialized in ransomware attacks began seeking out unpatched systems that could be exploited. The more months passed without security updates, the more opportunities those attackers had to work with.
Those criminal networks — with names like Digital Shadows, LockBit, Conti, and Vice Society — were busy conducting hands-on, human-operated campaigns, often exploiting new security vulnerabilities to help their ransomware attacks.
Some of those groups may have disbanded, but they’ve been replaced by equally dedicated attackers. And these individuals are eager to get to work when support for an operating system ends.
In the case of Windows 7, the most infamous attack involved the PrintNightmare security bug, which was first disclosed in July 2021. The bug created so much havoc worldwide that Microsoft took the rare step of releasing a patch for Windows 7 systems, even though support for those PCs had ended 18 months earlier.
XP’s most brutal attack
The PrintNightmare incident had echoes of an earlier, similarly catastrophic global outbreak. WannaCry was brutally effective against the large population of Windows XP PCs that were still in use in 2017, three years after support for that OS ended. At the time, Europol called the outbreak “the largest ransomware attack observed in history.”
In that case, too, the scope of the attack was so broad that Microsoft released an out-of-band patch for Windows XP.
But those incidents were high-profile exceptions; there were plenty of other, less publicized vulnerabilities that didn’t receive patches and remained open for exploitation on unsupported systems. Those vulnerabilities didn’t garner worldwide headlines, but the impact was painful if your organization was successfully compromised.
The likelihood of Windows 10 attacks
So, how likely is it that Windows 10 holdouts will see a large-scale attack like the ones that targeted earlier versions? Well, if you could predict it, you could prevent it. Those incidents tend to happen without warning, when an attacker stumbles across a way to exploit an unpatched flaw. Sometimes these incidents involve multiple, seemingly minor vulnerabilities that attackers figure out how to combine into a single effective exploit.
Every month, Microsoft publishes a detailed list of the security fixes it has released with the Patch Tuesday updates. Alongside each entry on the list, there’s a rating of how exploitable that flaw is. For November 2025, the first release after Windows 10 support ended, that list included a Windows Kernel vulnerability (CVE-2025-62215); according to the bulletin, “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.”
And under the Exploitability heading, it’s categorized as “Exploitation Detected.” December’s security updates included another vulnerability that has also been categorized as “Exploitation Detected.”
Fortunately, both of those vulnerabilities require local access to be exploited, at least for now. But history suggests it’s only a matter of time before remotely exploitable attacks occur. When that day comes, you really don’t want to be running an unpatched, unsupported version of Windows.
Source: Networking - zdnet.com
