Microsoft expected Windows 10 to age out. Instead, the remaining machines are turning into a hard security bill that neither Microsoft nor many customers can cleanly pay down.

Windows 10 Security Updates Now Trap One in Six PCs
XOOMAR Intelligence
Analyst Take
That is the real signal in new Lansweeper data cited by The Register Security: Windows 10 security updates are no longer just a consumer annoyance or an IT housekeeping item. They are becoming a long-tail exposure problem, especially for organizations that can’t move because of cost, certified hardware, vendor dependencies, or accepted risk.
Windows 10 has become the operating system Microsoft can't retire cleanly
The clean version of the Windows 10 story was simple: Microsoft ends standard support, users move to Windows 11, and the installed base keeps shrinking.
The actual version is messier. Lansweeper says Windows 10 still runs on 16.9 percent of the Windows devices it monitors, or "roughly one in six." That is down sharply from a year ago, when Windows 10 represented about half of the machines in Lansweeper’s dataset. It fell into the low-to-mid 40 percent range by the time Microsoft ended standard support, then dropped to 18.6 percent in June.
Now the easy part appears to be over.
"The easy migrations are done. What's left is the hard core: devices that haven't moved because they can't or won't."
That sentence matters because it reframes the issue. The remaining Windows 10 estate is not just laziness. In many cases, it is trapped infrastructure. Microsoft can offer Extended Security Updates, or ESU, but ESU buys time. It does not solve certification, hardware, or replacement economics.
The contradiction is sharp: Windows 10 is still useful enough to keep, but old enough to become a progressively weaker security bet.
The numbers behind Windows 10's stubborn market share and the looming patch deadline
The headline number is 16.9 percent, but the more important detail is the stall. Lansweeper’s data shows the migration curve slowing after the post-support drop. That means the remaining Windows 10 population may be harder to move than the percentage suggests.
The Windows 10 security updates timeline now looks like this:
- Consumer devices: Security updates can continue until October 12, 2027.
- Commercial customers: Paid coverage can run until October 10, 2028.
- After that: Microsoft’s fixes stop, based on the current deadlines cited in the source material.
Microsoft describes ESU this way:
"the ESU program helps reduce the risk of malware and cybersecurity attacks by providing access to critical and important security updates."
That is true as far as it goes. But Lansweeper says only 14 percent of Windows 10 assets have ESU patches applied. Even among enrolled machines, the risk does not disappear. Esben Dochy, principal technical evangelist at Lansweeper, told The Register that "the Windows 10 average also includes devices that have ESU patches applied."
The vulnerability gap is already large. Lansweeper says:
| OS | Average active CVEs per device |
|---|---|
| Windows 10 | 1,903 |
| Windows 11 | 652 |
That is a 2.9x gap.
The attack surface does not require Windows 10 to dominate the market. It only requires enough unpatched or poorly isolated machines to make targeting worthwhile. A one-in-six footprint is not a legacy footnote. It is still a mainstream endpoint population.
TPM 2.0, old CPUs, and the hardware wall blocking millions of Windows 11 upgrades
Part of the stall comes from the Windows 11 hardware gate. The related source material cites requirements around TPM 2.0, Secure Boot, newer CPUs, and modern RAM and chipsets. That matters because many Windows 10 PCs still feel perfectly usable for browsing, Office work, retail terminals, healthcare workflows, or industrial software.
For households, schools, small businesses, and cash-constrained firms, replacing working machines can feel irrational. For regulated or vendor-managed devices, it may not even be a customer decision.
Dochy’s explanation is the clearest part of the story:
"I think a meaningful share of the remaining Windows 10 estate isn't being actively unpatched by neglect," Dochy said. "It's being held in place by vendor dependency, certification gaps, cost, or accepted risk."
He gave two specific examples: medical devices and industrial systems where the OS is tied to vendor certification, and retail devices locked to specific OS versions for compliance or warranty reasons.
That is the trap. Microsoft can tighten the baseline for newer Windows machines, but stricter hardware rules can strand older ones faster. Unsupported installs and bypasses may keep some PCs alive, but they complicate support, compliance, and patch reliability. For separate XOOMAR coverage of PC upgrade friction and user trust issues, see Windows 11 8GB RAM Flops on Microsoft’s Own Laptop and LG Gaming Monitors Trigger Revolt Over PC Adware Scare.
From Windows XP to Windows 7, Microsoft has seen this retirement drama before
Microsoft has dealt with slow Windows retirements before. The supplied data does not provide comparable Windows XP or Windows 7 migration figures, so the useful comparison here is structural rather than statistical.
The pattern is familiar: organizations delay until the cost of staying exceeds the cost of moving. That cost can come from support contracts, customer questionnaires, internal audits, application testing, or security incidents. Lansweeper’s Windows 10 data suggests this cycle has reached the hard phase.
The difference now is the visibility of the vulnerability gap. A Windows 10 device averaging 1,903 active CVEs against 652 on Windows 11 gives IT teams a concrete way to rank the debt. It also gives attackers a clearer target list when old systems remain exposed.
Lansweeper also flags patch diffing, where attackers compare Windows 11 fixes to infer flaws that may still exist in Windows 10.
"The supported OS effectively hands attackers a map into the unsupported one," Lansweeper said.
That is the mechanism that turns an end-of-life calendar into a security event. Each Windows 11 fix can become a clue for where to look on machines that are slower to patch or no longer patchable.
Microsoft, IT departments, consumers, and attackers all see the Windows 10 deadline differently
Microsoft’s interest is straightforward. It wants users on Windows 11 and on newer hardware with stronger security assumptions. ESU softens the transition, but it also makes clear that Windows 10 is living on borrowed time.
Enterprise IT sees a different problem. Migration is not just clicking upgrade. It means procurement, app testing, device management, employee disruption, vendor timelines, and risk signoff. In some sectors, the source data shows heavier exposure:
| Sector or group | Windows 10 share cited by Lansweeper |
|---|---|
| SMBs | 21.4 percent |
| Healthcare and pharmaceutical systems | 23 percent |
| Consumer and retail devices | 22.7 percent |
Small and medium-sized businesses look especially exposed because cost is usually the constraint keeping Windows 10 alive, according to Lansweeper.
Consumers may see no cliff at all. The machine still boots. The browser opens. Email works. Banking works. That is exactly why Windows 10 security updates are a slow-burn issue rather than an obvious failure.
Attackers read the same situation differently. Old OS, uneven ESU adoption, vendor-locked systems, and isolated machines with accepted risk all create predictable pockets of weakness.
Windows 10 holdouts face higher security costs, compliance pressure, and forced PC replacement
The end of standard support shifts cost away from Microsoft and toward the owner of the device.
That cost can take several forms:
- Paid coverage: ESU for organizations that need more time.
- New hardware: Replacement where Windows 11 requirements block upgrade.
- Managed controls: Stronger monitoring, segmentation, and endpoint protection.
- Operational risk: More exposure where devices stay unpatched or only partly protected.
Dochy also warned that ESU may not fix the deeper issue when vendors control the device.
"For a lot of this hardware, the vendor is contractually responsible for maintaining the device, including any OS changes, so simply enrolling in ESU as a customer may not resolve the underlying problem."
That line should worry buyers of certified or vendor-locked systems. If the vendor has not certified a Windows 11 path, the customer may be stuck paying for mitigation while waiting for someone else’s roadmap.
XOOMAR analysis: the most exposed organizations are not necessarily the least sophisticated. They may be the ones with the most specialized equipment, where a generic Windows migration plan breaks against certification, warranty, or operational constraints.
Windows 10 won't vanish in 2025, and that creates the next PC security fault line
Windows 10 usage will keep declining, but the source data does not support the idea of a clean collapse. Lansweeper’s stall points to a long tail.
The practical test now is not whether Microsoft can persuade ordinary users to prefer Windows 11. It is whether the remaining Windows 10 machines can be identified, patched where possible, isolated where necessary, and replaced when there is no safe path left.
Evidence that would strengthen the risk thesis: ESU adoption remains low, Windows 10’s CVE gap widens, and sector exposure in healthcare, pharmaceuticals, retail, and SMBs stays elevated.
Evidence that would weaken it: faster Windows 11 certification by vendors, a visible rise in ESU coverage, and continued decline from 16.9 percent without another plateau.
Operating system deadlines do not secure devices by themselves. The Windows 10 security updates clock is now testing whether hardware policy, customer economics, and real security urgency can finally line up.
Impact Analysis
- The remaining Windows 10 machines are likely the hardest and most expensive to replace.
- Extended Security Updates reduce short-term risk but do not solve hardware or certification blockers.
- Organizations that delay migration may face rising security exposure as Windows 10 ages out.
Windows 10 Migration Reality
| Area | Windows 10 | Windows 11 / Migration Path |
|---|---|---|
| Current status | Still runs on 16.9% of Lansweeper-monitored Windows devices | Absorbed the easier migrations already |
| Main issue | Remaining devices may be blocked by cost, hardware, certifications, or vendor dependencies | Requires replacement, validation, or operational change |
| Security outlook | Extended Security Updates can buy time but do not fix underlying constraints | Preferred long-term path for supported security coverage |
Windows 10 Share of Lansweeper-Monitored Windows Devices
Sources
Written by
XOOMAR Insights Team
Research and Editorial Desk
The XOOMAR Insights Team pairs automated research with human editorial judgment. We track hundreds of sources across technology, fintech, trading, SaaS, and cybersecurity, cross-check the facts, and explain what happened, why it matters, and what to watch next. We do not just rewrite headlines. Every article is fact-checked and scored for reliability before it goes live, and we link back to the original sources so you can verify anything yourself.
Explore More Topics
Related Articles
CybersecurityWindows 11 Secure Boot Update Hits a Firmware Wall
Microsoft paused the Windows 11 Secure Boot update on some PCs after certificate refresh failures exposed firmware support gaps.
CybersecurityUSB Crypto Malware Weaponizes Windows Shortcut Files
A USB worm turns Windows shortcuts into crypto theft traps, swapping wallet addresses and hunting seed phrases before funds move.
Cybersecurity11 Old UEFI Shims Crack Open Secure Boot Bypass Risk
Microsoft revoked 11 old UEFI shims after ESET showed they could bypass Secure Boot on systems trusting its 2011 UEFI CA.
CybersecurityExploited SharePoint Vulnerabilities Trigger 3-Day Race
CISA says three exploited SharePoint flaws are under attack, with agencies facing a 3-day patch deadline for CVE-2026-56164.
CybersecurityMicrosoft Defender Flaw Lets Hackers Seize SYSTEM Access
Microsoft patched RoguePlanet, a Defender flaw that could let attackers turn low-level access into SYSTEM control.
TechnologyDOJ Guts TikTok Federal Device Ban After ByteDance Deal
DOJ says the U.S. TikTok app no longer fits the 2022 federal device ban, putting access back in agencies' hands.
Global TrendsPauline Hanson Exports Grievance at London CPAC Stage
Hanson used London CPAC to turn British culture-war fears into a warning for Australia, exposing One Nation's imported grievance playbook.
Global TrendsTisza Forces Hungary President Out With Law Rewrite
Tamás Sulyok will leave Hungary’s presidency after Tisza used its supermajority to end his Orbán-era term.
Amazon Leak Slaps $899 Sting on Google Pixel 11 Launch
Amazon listings may have exposed Pixel 11 specs, colors and a $899 starting price, with the 128GB option possibly gone.
Global TrendsBlue Angels Low Flypast Sends Pensacola Beach Gear Flying
A Blue Angels jet flew lower than expected over Pensacola Beach, sending umbrellas flying and triggering a Navy safety review.
Don't miss the signal
Get our weekly roundup of the stories that matter across tech, fintech, and trading. No noise, just signal.
Free forever. No spam. Unsubscribe anytime.