Windows 10 is on its way out. The End of Life (EOL) date has been set for October 14. What consequences will this have for organizations that have not yet made the leap to Windows 11? And should we have expected more from Microsoft’s support for this still popular operating system?
Windows 10 was once supposed to be “the last version of Windows.” Continuous updates would breathe new life into the operating system, similar to Apple’s long-lived OS X. Microsoft seemed to abandon this idea early on, so the announcement of Windows 11 in 2021 came as no surprise at the time.
Costs are rising rapidly
Nevertheless, users worldwide have been slow to adopt the new OS. Given that Windows 11 is largely an evolution of 10, this laconic attitude is understandable. Now time is running out because Microsoft itself is pulling the plug on the old OS. Those who really don’t want to stop using Windows 10 can purchase additional security patches (Extended Support Updates, ESU) at a hefty price. An organization with 50 employees (and therefore, for convenience, 50 Windows 10 endpoints) has to pay around €3,000 for one year. That same company pays Microsoft almost €20,000 in total for the maximum three years of ESU coverage. In other words, buying new PCs for the entire organization quickly becomes more attractive than sticking with Windows 10.
Of course, this is not always the case. Windows 10 Enterprise LTSC (Long-Term Servicing Channel) remains the only variant of the OS. The end date for LTSC 2021 (but not IoT) is January 12, 2027, while the IoT variant will continue to run until January 13, 2032. These are not common versions for end users and lack all kinds of features and sometimes drivers for peripheral devices.
Risks are gradually increasing
Windows 11 cannot normally be installed on PCs that do not contain Trusted Platform Module (TPM) 2.0. This is a security chip or firmware for storing sensitive data such as passwords and certificates. Lost Intel processors from the 8th to the 10th generation also lost support earlier this year, according to a modified list from Microsoft for OEMs.
Users on older systems who do not pay for ESU updates are at risk. History is likely to repeat itself in this area. Previously dominant operating systems such as Windows 98 and XP remained in widespread use after their end dates, resulting in widespread cyber threats such as WannaCry. Legacy systems with internet access will inevitably experience unpatched security issues. With around 40 percent of globally reported Windows devices running version 10, this group is becoming a very attractive target for cyber attackers.
A way out?
The advice for organizations, both from Microsoft and from basic logic, is clear: switch to Windows 11 as soon as possible. If that is really not possible, pay for ESU patches. An alternative is to exploit cloud entitlements, which allow Windows 10 instances to continue to run securely on Windows 365, Azure Virtual Desktop, Azure VMs, and Azure VMware Solution. Otherwise, shielding every Windows 10 endpoint from the internet becomes crucial. Use endpoint security solutions, adhere to least privilege and zero trust principles for access to the machines, and disconnect RDP from the internet.
Circumventing the Windows 11 restrictions is not recommended. For individuals, it is a small-scale problem, mainly resulting in inconsistent patching, but for fleet management, it is a bigger problem.
Conclusion: a familiar story
Windows 7 enjoyed a similar level of popularity compared to its successor(s) (8 and 8.1) as Windows 10 does compared to 11. The big difference: virtually every system was able to make the transition from Windows 7 to Windows 10. This is not the case for devices that may have even run on those two operating systems. In fact, Microsoft has chosen not to launch Windows 12 in order to make the new upgrade more attractive. This will lead to security issues, which we will undoubtedly keep you informed about in the coming years. It is up to each organization to ensure that it does not become one of those future victims.
In the end, Microsoft has to draw the line somewhere. The timing of Covid-boosted PC purchases means many quite young systems will die a premature death. Intel 10th gen PCs and those running older x86 chip generations will need to either be replaced or shut off from the internet, unless organizations are willing to finally pay Microsoft for support. Given the extra three years of support the tech giant allows for, most organizations should be able to stay safe for a while.
Read also: The dates on which Microsoft will discontinue Windows 10 and Windows 11