Windows 11 is the latest and greatest operating system from Microsoft, but it has its flaws, so much so that even four years after its release, some people are sticking with older versions. Windows 10 remains the operating system of choice for many, even though Microsoft has shifted its focus entirely to Windows 11. In fact, the Redmond-based company will end security updates for Windows 10 this October.
If that’s not enough to push you toward upgrading, the latest news might be. The 240 million Windows 10 users are vulnerable to dozens of security vulnerabilities, six of which are reportedly already being exploited by bad actors.
STAY PROTECTED & INFORMED! GET SECURITY ALERTS & EXPERT TECH TIPS – SIGN UP FOR KURT’S ‘THE CYBERGUY REPORT’ NOW
A person typing on a Windows laptop (Kurt “CyberGuy” Knutsson)
Critical Windows 10 security flaws exploited
The vulnerabilities in question were part of a recent Microsoft Patch Tuesday update, a monthly release where the company addresses security flaws. In this case, six specific exploits were identified as being actively used by hackers to target Windows 10 systems. These exploits are particularly alarming because they are already in the wild, meaning attackers are leveraging them to compromise systems before all users have had a chance to update their devices.
The affected population, estimated at 240 million, refers to users whose PCs cannot upgrade to Windows 11 due to hardware limitations, such as lacking TPM 2.0 (Trusted Platform Module) or other system requirements.
The six exploits include a mix of flaws that allow hackers to achieve various malicious outcomes, such as executing arbitrary code, escalating privileges to take full control of a system or bypassing security features.
For example, one exploit might overload system memory to overwrite critical data (a buffer overflow), while another could allow attackers to access sensitive information by exploiting a flaw in the Windows Kernel. These vulnerabilities are especially dangerous because they can be triggered remotely or through seemingly innocuous actions, like opening a malicious file or mounting a compromised virtual hard disk.
Windows laptop (Kurt “CyberGuy” Knutsson)
CLICKFIX MALWARE TRICKS YOU INTO INFECTING YOUR OWN WINDOWS PC
A fix is there (for now)
Microsoft has released patches to address these issues, and America’s Cyber Defense Agency has urged users to update their systems immediately, ideally by this month, or risk severe consequences. The agency even suggested turning off unpatched computers as a precaution. Updating to the latest Windows 10 patch is the simplest and most effective way to protect against these exploits right now.
However, a bigger problem looms later this year. Microsoft will officially end free security updates for Windows 10 on October 14, 2025. After that, systems running Windows 10 will no longer receive critical security patches, unless users enroll in Microsoft’s Extended Security Updates (ESU) program.
This ESU program will be available to individual users for the first time and will cost $30 per device for one additional year of updates. It’s designed to give users more time to transition, especially those who can’t upgrade to Windows 11 due to hardware limitations. While this offers a temporary reprieve, it’s not a long-term solution; the ESU program will only extend support for a limited time (typically three years in enterprise settings) and prices may increase annually.
The scale of the problem remains significant. Millions of devices lack the hardware requirements for Windows 11, such as TPM 2.0 and newer CPUs, making the shift costly or impractical for some. Analysts warn this could contribute to a surge in electronic waste, unless recycling and repurposing efforts improve dramatically.
RELENTLESS HACKERS ABANDON WINDOWS TO TARGET YOUR APPLE ID
How to keep your Windows devices up to date
If you’re a Windows 10 user, the immediate step is to ensure your system is updated with the latest patches. Follow the steps below to do that:
- Select Start
- Click Settings
- Click Windows Update
- Click Check For Updates
- If a feature update is available for your device, it will appear separately on the Windows update page
- To install it, click Download and Install now
Windows update (Kurt “CyberGuy” Knutsson)
MICROSOFT SETS MAY END DATE FOR SKYPE AFTER 14-YEAR RUN
3 additional ways to stay safe from Windows vulnerabilities
1) Use strong antivirus software: Even with the latest patches, no system is entirely immune to threats. Strong antivirus software can act as a second line of defense, detecting and neutralizing malware that exploits vulnerabilities before they cause harm. Look for solutions with real-time protection and frequent updates to tackle emerging threats. While this won’t fix unpatched system flaws after October 2025, it can reduce risks from common attack vectors like phishing or malicious downloads. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
2) Limit exposure: Many exploits rely on user interaction, such as clicking a shady link, downloading a compromised file or mounting an untrusted virtual disk. Stick to reputable websites, avoid opening unsolicited email attachments and use a browser with built-in security features (like Microsoft Edge or Chrome with Safe Browsing enabled).
3) Plan for the future: The clock is ticking on Windows 10’s security updates. If your hardware can’t handle Windows 11, weigh your long-term options. Buying a new PC might be inevitable, but you could also explore alternatives like Linux, which offers free, secure operating systems (e.g., Ubuntu or Linux Mint) that run well on older hardware.
Kurt’s key takeaway
The road ahead for Windows 10 users is anything but smooth. With critical vulnerabilities emerging and official support coming to an end, millions are being pushed into a difficult decision. They can upgrade their hardware, pay for temporary patches or continue using increasingly vulnerable systems. As October draws closer, the risks will only increase. Updating your system is essential, but it’s just a short-term measure. Now is the time to start preparing for what comes after, before the window of protection closes for good.
Do you think tech companies are doing enough to prevent hackers from obtaining your data? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels:
Answers to the most-asked CyberGuy questions:
New from Kurt:
Copyright 2025 CyberGuy.com. All rights reserved.