Still on Windows 10? You're more exposed than you think
If any machine in your business is still running Windows 10, here's the uncomfortable truth: unless it's enrolled in Microsoft's paid Extended Security Updates programme, it hasn't had a security patch since 14 October 2025. Every vulnerability discovered since then is sitting open.
That's not scaremongering. It's just how end of support works.
What "end of support" actually means
On 14 October 2025, Windows 10 reached end of support. Microsoft didn't switch the machines off; they still boot, still run your software. What stopped is the security updates: no more monthly patches for newly discovered flaws. And since attackers actively hunt for exactly these unpatched systems, every month that passes makes a Windows 10 machine a softer target. It's the same "path of least resistance" problem we wrote about in our breakdown of last year's cyber attack figures.
The one important caveat: Extended Security Updates (ESU)
There is a safety net, and it's worth knowing about. Microsoft's ESU programme lets you keep receiving critical and important security patches after end of support, for a price, and only for a while. If your Windows 10 machines are on ESU, they're still being patched and you're in a far better position. If they're not, they're exposed.
Be clear about what ESU is, though. It delivers critical and important security fixes only: no new features, no performance improvements, and no general technical support from Microsoft. It's a bridge, not a destination.
The dates and the real costs
For businesses, ESU is bought per device, per year, through volume licensing or a Microsoft partner, and the price doubles every year to push you towards upgrading:
| ESU year | Coverage period | Approx. cost per device |
|---|---|---|
| Year 1 | 15 Oct 2025 to 13 Oct 2026 | |
| Year 2 | 14 Oct 2026 to 12 Oct 2027 | |
| Year 3 | 13 Oct 2027 to Oct 2028 | |
That's roughly £337 per device over the full three years, and Year 3 is the end of the road. There is no Year 4; Windows 10 security updates stop permanently in October 2028. (Exact pricing comes through your reseller or CSP and excludes VAT.)
Two catches worth flagging. First, it's cumulative: you can't skip Year 1 and simply buy Year 2. Enrol late and you pay for the earlier year too. Second, the consumer version of ESU (the free/low-cost home option) only runs for one year, to 13 October 2026, and isn't built for a managed business fleet.
Why this October is the real cliff
We're currently in Year 1. The pressure point is October 2026: consumer ESU ends entirely, and business ESU doubles to around £96 per device.
Put numbers on it. If you've got fifteen Windows 10 machines, the cost of standing still jumps from roughly £720 this year to about £1,445 next year, for security patches alone, on machines that are otherwise frozen in time. Across the full three years that's nearly £5,000 to keep fifteen ageing PCs on life support, money that, in a lot of cases, would go a long way towards replacing or upgrading them.
The honest answer: ESU buys time, it doesn't fix the problem
For most businesses, the right move is to get onto Windows 11. Many existing machines will upgrade for free if they meet the hardware requirements: TPM 2.0, Secure Boot and a supported processor. Some older machines won't qualify, and for those the real cost isn't ESU, it's replacement. Either way, that decision is far better made on a planned roadmap than under pressure the week a machine gets hit.
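To see where a single machine stands against those requirements, here is an added example (not a Microsoft tool or part of our own tooling) to run in an elevated PowerShell session. The function name and output field names are this example's own; it reports the processor name for a manual check against Microsoft's supported list rather than judging it.

```powershell
# Added example: per-machine Windows 11 readiness check.
# Run elevated; without admin rights the TPM and Secure Boot queries fail and report as absent.
function Get-Win11Readiness {
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1

    # Windows 10 and 11 both report version 10.0; builds from 22000 up are Windows 11.
    $isWin11 = [int]$os.BuildNumber -ge 22000

    # TPM: SpecVersion looks like "2.0, 0, 1.38"; the first field is the spec version.
    $tpmVersion = $null
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue |
           Select-Object -First 1
    if ($tpm -and $tpm.SpecVersion) {
        $tpmVersion = ($tpm.SpecVersion -split ',')[0].Trim()
    }

    # Secure Boot: the cmdlet throws on legacy BIOS (non-UEFI) machines, so treat that as off.
    # False can also mean Secure Boot is supported but switched off in firmware.
    $secureBoot = $false
    try {
        $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop)
    } catch {
        $secureBoot = $false
    }

    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        OS           = $os.Caption
        Build        = $os.BuildNumber
        AlreadyWin11 = $isWin11
        TpmVersion   = $tpmVersion
        Tpm20        = ($tpmVersion -eq '2.0')
        SecureBootOn = $secureBoot
        # Compare this name against Microsoft's published supported-processor list by hand.
        Processor    = $cpu.Name
    }
}

Get-Win11Readiness | Format-List
```

A machine showing `AlreadyWin11 : False` with `Tpm20` and `SecureBootOn` both true is a likely upgrade candidate once the processor is confirmed; one with no TPM 2.0 is heading for the replacement list.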
There's a compliance angle too. Running an unsupported operating system can quietly undermine your security obligations; it's the sort of thing that fails a Cyber Essentials assessment and sits awkwardly against the data protection duties we wrote about ahead of the 19 June deadline. "We were still on Windows 10" is not a sentence you want to be explaining to a client, an insurer, or the Information Commission.
What we'd do for you
This is squarely an MSP job, and one we handle end to end. We'll audit every machine and tell you which can move straight to Windows 11, which need ESU as a short bridge, and which are genuinely due for replacement. We'll enrol the stragglers so nothing sits exposed in the meantime, and plan the migration around your business, all on one flat monthly price, no surprises.
If you're not sure how many Windows 10 machines you've still got, or whether they're even patched, that's exactly what our free IT assessment is for. Call 0115 732 3060 or email hello@foxcube.co.uk.

