If you go this route, please also see the FAQ entry here. There is currently a glitch with commercial ESU keys (which this uses) and Windows Update will continue to claim that your device will no longer receive security updates. This is also effecting W10 LTSC systems. However, you can verify that the license key is active through Command Prompt and instructions are given in the FAQ.
Microsoft said both issues could allow attackers to execute code with elevated privileges, although there are currently no indications on how they are being exploited and how widespread these efforts may be. In the case of CVE-2025-24990, the company said it’s planning to remove the driver entirely, rather than issue a patch for a legacy third-party component.
The security defect has been described as “dangerous” by Alex Vovk, CEO and co-founder of Action1, as it’s rooted within legacy code installed by default on all Windows systems, irrespective of whether the associated hardware is present or in use.
New attack vectors are found constantly. Having no support can very likely result in a system that can be automatically breached in a few weeks to months.
As long as you don’t have a public IP on your device and are in a trusted network you should be fine. But if you use a public wifi or somehow expose a port to the internet you’re increasingly vulnerable for each day after the last security update.
There’s always going to be vulnerabilities, that’s why they’re ending support. They don’t want to spend time updating an OS they don’t want people using.
Windows 10 is probably fairly secure… today. In 2 years, someone might discover a new vulnerability, and you won’t get the update. If there’s a new way to do web security and the browsers need OS support to implement it, you’ll be stuck on legacy security settings.
New vulnerabilities are found on a daily to weekly basis.
To put this in perspective. In 2024 there were 1360 vulnerabilities reported, 587 confirmed with 33 deemed critical.
I would hazard there are critical vulnerabilities that are right now being worked on, or are complete but unreleased. There was a concern of the exploit being patched. That concern is gone for millions of PC(s).
Short term honestly likely fine for your avg person. After even six months tho I wouldn’t trust using it for banking, government sites or anything more sensitive then looking at cat memes.
Its probably more lazy than anything. Security always depends on what you need to protect. If you want to keep using it, dont keep sensitive information on it. People will target vulnerabilities in Windows 10 as time goes on.
I wouldn’t be surprised if there’s a conspiracy where Microsoft purposely left a massive hole in windows 10. And they are going to attack their own system in 2 months and be like “oh noez, welp guess you have to come to windows 11”.
How bad would running Windows 10 past support be exactly? Seems like most vulnerabilities should have been patched by now.
Extended security updates are available. This can be activated for free using Microsoft Activation Scripts.
Microsoft tech support has been repeatedly caught using these scripts to resolve support tickets for license issues. (https://www.bleepingcomputer.com/news/security/microsoft-support-cracks-windows-for-customer-after-activation-fails/) Also, the open source MAS code is hosted on Microsoft-owned Github, so they are appearantly not very concerned with people taking advantage of this exploit.
If you go this route, please also see the FAQ entry here. There is currently a glitch with commercial ESU keys (which this uses) and Windows Update will continue to claim that your device will no longer receive security updates. This is also effecting W10 LTSC systems. However, you can verify that the license key is active through Command Prompt and instructions are given in the FAQ.
See an example here:
New attack vectors are found constantly. Having no support can very likely result in a system that can be automatically breached in a few weeks to months.
As long as you don’t have a public IP on your device and are in a trusted network you should be fine. But if you use a public wifi or somehow expose a port to the internet you’re increasingly vulnerable for each day after the last security update.
There’s always going to be vulnerabilities, that’s why they’re ending support. They don’t want to spend time updating an OS they don’t want people using.
Windows 10 is probably fairly secure… today. In 2 years, someone might discover a new vulnerability, and you won’t get the update. If there’s a new way to do web security and the browsers need OS support to implement it, you’ll be stuck on legacy security settings.
It’s not going to take 2 years…
New vulnerabilities are found on a daily to weekly basis.
To put this in perspective. In 2024 there were 1360 vulnerabilities reported, 587 confirmed with 33 deemed critical.
I would hazard there are critical vulnerabilities that are right now being worked on, or are complete but unreleased. There was a concern of the exploit being patched. That concern is gone for millions of PC(s).
Out of curiosity, does anyone know how many critical vulnerabilities are currently unpatched in Windows 7?
https://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-17153/Microsoft-Windows-7.html
Short term honestly likely fine for your avg person. After even six months tho I wouldn’t trust using it for banking, government sites or anything more sensitive then looking at cat memes.
If you want to keep running Win10, look into 0patch. They do in memory patching and are MUCH smaller, it’s what a real OS manufacturer would put out.
Its probably more lazy than anything. Security always depends on what you need to protect. If you want to keep using it, dont keep sensitive information on it. People will target vulnerabilities in Windows 10 as time goes on.
I wouldn’t be surprised if there’s a conspiracy where Microsoft purposely left a massive hole in windows 10. And they are going to attack their own system in 2 months and be like “oh noez, welp guess you have to come to windows 11”.
They don’t care about forcing you to 11 other than it saves them development costs. All the ads and spyware are also in 10.
It’s the same reason Linux distro’s don’t patch old kernels but force you to upgrade every 12 years.