Windows 11 is Microsoft’s latest and largest operating system, but due to its flaws, it sticks to older versions even four years after its release. Windows 10 remains the operating system of choice for many, despite Microsoft shifting its focus to Windows 11 completely. In fact, the Redmond-based company will end its Windows 10 security update this October.
If that’s not enough to push you into an upgrade, the latest news may be. 240 million Windows 10 users are vulnerable to many security vulnerabilities, six of which are reportedly already being exploited by bad actors.
Be protected and provide information! Get security alerts and expert technical tips – Sign up for “The Cyberguy Report” in your cart now
People typing on a Windows laptop (Kurt “Cyberguy” Knutsson)
Important Windows 10 security flaws have been exploited
The vulnerability in question is part of a recent Microsoft Patch Tuesday update, a monthly release that the company addresses security flaws. In this case, six specific exploits were identified as being actively used by hackers to target Windows 10 systems. These exploits are particularly surprising as they are already in the wild. In other words, attackers are leveraging them to compromise the system before all users have the opportunity to update their devices.
The affected population, estimated at 240 million, refers to users whose PCs are unable to upgrade to Windows 11 due to hardware restrictions, such as TPM 2.0 (a trusted platform module) and other system requirements.
Six exploits include a combination of flaws that allow hackers to achieve a variety of malicious outcomes, such as running arbitrary code, escalating privileges for full control of the system, and bypassing security features.
For example, one exploit could overload system memory and overwrite important data (buffer overflow), while another could allow an attacker to access sensitive information by exploiting a flaw in the Windows kernel. These vulnerabilities are particularly dangerous as they can be triggered by remote or seemingly harmless actions, such as opening malicious files or installing compromised virtual hard disks.
Windows Laptop (Kurt “Cyberguy” Knutsson)
Clickfix malware will trick you into infecting your own Windows PC
There’s a correction (for now)
Microsoft has released patches to address these issues, with American cyber defense agencies urging users to update their systems immediately by this month, ideally, or risk serious consequences. The agency even suggested turning off unpatched computers as a precaution. Updates to the latest Windows 10 patches are currently the easiest and most effective way to protect against these exploits.
However, there are major issues looming later this year. Microsoft will officially end its free Windows 10 security update on October 14th, 2025. Systems running Windows 10 will not receive critical security patches unless the user registers with Microsoft’s Extended Security Update (ESU) program.
This ESU program will be available for the first time to individual users and costs $30 per device for an additional yearly update. It is designed to increase migration time for users, especially those who cannot upgrade to Windows 11 due to hardware limitations. This provides a temporary reprieve, but is not a long-term solution. The ESU program only extends support for a limited time (usually three years in an enterprise setting), and prices can rise every year.
The scale of the problem remains important. Millions of devices lack Windows 11 hardware requirements, such as TPM 2.0 and newer CPUs, so shifts are expensive for some. Analysts warn that this could contribute to a surge in e-waste unless recycling and reuse efforts are dramatically improved.
Relentless Hacker abandons Windows to target Apple ID
How to Keep Your Windows Device Up to date
For Windows 10 users, the immediate step is to ensure that your system is updated with the latest patches. To do so, follow the steps below:
Select (settingsclick) to check the settingsclick updateclick updateclick update. If the feature is available for your device, it will be displayed separately in the Windows Update Pageto installation.
Windows Update (Kurt “Cyberguy” Knutsson)
Microsoft Set may end Skype date after 14 years of running
Three additional ways to stay safe from Windows vulnerabilities
1) Use powerful antivirus software. Even with the latest patches, no system is completely immune to threats. Powerful antivirus software acts as a second line of defense and can detect and neutralize malware that eliminates vulnerabilities before causing harm. Tackle new threats by looking for solutions with real-time protection and frequent updates. This will not fix any flaws in the accrued system from October 2025 onwards, but will reduce the risk from common attack vectors such as phishing and malicious downloads. Get the best 2025 Antivirus Protection Winners picks for Windows, Mac, Android and iOS devices.
2) Exposure Limitations: Many exploits rely on user interactions, such as clicking suspicious links, downloading compromised files, mounting untrusted virtual disks. Stick to reputable websites, avoid opening unsolicited email attachments, and do not use browsers with built-in security features (enable secure browsing, such as Microsoft Edge or Chrome).
3) Future Plans: The clock is engraved in Windows 10 security updates. If your hardware cannot handle Windows 11, weigh the long-term option. Buying a new PC may be inevitable, but you can also explore alternatives like Linux that offer free, secure operating systems (such as Ubuntu and Linux Mint) that run well on older hardware.
Important points of cart
For Windows 10 users, the future path is not smooth. A critical vulnerability has emerged and official support has ended. You can upgrade your hardware, pay for temporary patches, and continue to use increasingly vulnerable systems. As October approaches, the risks will only increase. System updates are essential, but this is a short-term measure. Now is the time to begin preparing what comes afterwards before the protective window closes forever.
Do you think tech companies are doing enough to prevent hackers from getting your data? Please let us know by writing to cyberguy.com/contact.
For more information about my tech tips and security alerts, head to cyberguy.com/newsletter and subscribe to our free Cyberguy Report newsletter.
Please ask Cart questions or tell us what stories you would like us to cover.
Follow your cart on his social channels:
Answers to the most accused Cyber Guy questions:
New from Cart:
Copyright 2025 cyberguy.com. Unauthorized reproduction is prohibited.
