
Windows 10 reaches end-of-support, security teams advised to upgrade


Windows 10 officially reached end of support on Oct. 14, as Microsoft advised security teams to upgrade to Windows 11 as soon as it is feasible for their organization.

As part of Patch Tuesday yesterday, which addressed six zero-days and 172 other flaws, Microsoft released KB5066791, the final update for Windows 10, which has now reached the end of its support lifecycle.

Microsoft pointed out that enterprise customers will have access to extended security updates (ESUs) for three years.

Morey Haber, chief security advisor at BeyondTrust, considers this end-of-support cycle one of the more significant ones since Windows XP back in 2014. Haber said hundreds of millions of systems will lack the hardware requirements for Microsoft’s newest OS and be unable to upgrade to Windows 11.

“Much of the hardware we use today simply cannot be upgraded due to dependencies on hardware and software security features,” said Haber. “Only new computers with both Secure Boot and TPM will be supported, and able to migrate to Windows 11 — unless Microsoft chooses to remove these restrictions — which is highly unlikely, even though there are workarounds.”

Damon Small, board member at Xcape, Inc., said that any new vulnerabilities will stay unpatched, giving attackers a growing list of weaknesses to exploit without Microsoft’s security updates. Small said attackers often target systems nearing or past their end-of-life, and unsupported Windows versions like Windows 7 and XP have been prime targets for ransomware, botnets, and credential theft.

“Unpatched systems can also create vulnerabilities that weaken overall enterprise security, especially in hybrid environments,” said Small. “These risks are exacerbated by the fact that older operating systems are prevalent in industrial devices such as control systems, medical equipment, ATMs, and other embedded devices built on top of Windows architecture.”

Small said security teams should treat this as a strategic migration project, not just a standard update. Teams should identify all Windows 10 systems, prioritize upgrading to Windows 11 or other supported options, and isolate on the network any devices that can't be immediately upgraded to minimize risk. For systems that need to stay on Windows 10 temporarily, take advantage of the ESUs and apply additional security measures, such as strict network segmentation, stronger EDR protection, and limited user access.
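One way to carry out the inventory step Small describes, as an added PowerShell example that is not part of the article: it flags each host as Windows 10, checks the Secure Boot and TPM prerequisites Haber mentions, checks for the final KB5066791 update, and records a recommendation. The function name, sample host names and CSV path are assumptions; run it elevated.

```powershell
# Added example (not from the article): classify a host for the Windows 10
# end-of-support migration. Hypothetical function name; KB5066791 and the
# Secure Boot/TPM prerequisites come from the article.
function Get-Win10MigrationStatus {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $build = [int]$os.BuildNumber
    # Windows 11 started at build 22000; a "Windows 10" caption below that is a migration candidate.
    $isWin10 = ($os.Caption -match 'Windows 10') -and ($build -lt 22000)

    # Secure Boot: Confirm-SecureBootUEFI throws on legacy BIOS hosts, so treat that as "not enabled".
    $secureBoot = $false
    try { $secureBoot = [bool](Confirm-SecureBootUEFI) } catch { $secureBoot = $false }

    # TPM: Win32_Tpm.SpecVersion starts with "2.0" on TPM 2.0 hardware.
    $tpm = Get-CimInstance -Namespace root/cimv2/Security/MicrosoftTpm -ClassName Win32_Tpm `
        -ErrorAction SilentlyContinue
    $tpm2 = ($null -ne $tpm) -and ($tpm.SpecVersion -like '2.0*')

    # Final Windows 10 update named in the article; missing it means the host is behind before ESU even starts.
    $hasFinalUpdate = $null -ne (Get-HotFix -Id 'KB5066791' -ErrorAction SilentlyContinue)

    $action = if (-not $isWin10) { 'No action (not Windows 10)' }
              elseif ($secureBoot -and $tpm2) { 'Upgrade to Windows 11' }
              else { 'Cannot upgrade: enroll in ESU, segment network, limit user access' }

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        OS             = $os.Caption
        Build          = $build
        IsWindows10    = $isWin10
        SecureBoot     = $secureBoot
        Tpm20          = $tpm2
        HasKB5066791   = $hasFinalUpdate
        Recommendation = $action
    }
}

# Constructed sample host names; run the check over WinRM and keep the results for the migration tracker.
$hosts = 'ws-01', 'ws-02', 'kiosk-atm-07'
Invoke-Command -ComputerName $hosts -ScriptBlock ${function:Get-Win10MigrationStatus} |
    Export-Csv -Path .\win10-inventory.csv -NoTypeInformation
```

Hosts that come back with "Cannot upgrade" are the ones to put on the segmentation and ESU track first; a missing KB5066791 on any Windows 10 host is a patching gap regardless of the migration plan.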

"Some see the end of Windows 10 support as a more serious issue and an underestimated risk for enterprise networks," said Tod Beardsley, Vice President of Security Research at runZero, which recently published research on the subject after analyzing millions of assets across hundreds of U.S.-based enterprises to quantify how prevalent the unsupported OSes are.

Beardsley maintains that ESUs are often less helpful than advertised: “With fewer resources and manpower in the department, patches will be less prevalent and slow to issue.”

Windows EoL is a huge blind spot no one seems to be prioritizing enough, he added. Sectors like general retail, machinery and electronics manufacturing, among others, carry more risk, having higher concentrations of these machines that can ultimately lead to network compromise and more, he said.
