Microsoft Extends Windows 10 Security Updates to 2026

As the October 14 2025 end-of-support date for Windows 10 approaches, Microsoft has unveiled new enrollment mechanisms to secure consumer PCs until October 13 2026 free of charge with minimal friction.

Extended Support Options and Enrollment Mechanisms

• Paid ESU: $30 per device for one year of Extended Security Updates delivered via Windows Update.
• Microsoft Rewards Points: Redeem 1000 reward credits for one year of ESU at no cash cost.
• Windows Backup Enrollment: Sign in with a Microsoft Account and enable the built-in Windows Backup app to activate one year of ESU free.

Consumers will see proactive notifications in the Settings app and via Windows Update. Testing begins in the Windows Insider Preview channel immediately, with a full rollout to all Windows 10 systems by mid-August 2025.

Technical Architecture of ESU Delivery

Extended Security Updates (ESU) for Windows 10 are distributed through the Windows Update servicing pipeline. Each ESU release is packaged as a cumulative update with a special product family tag and requires up-to-date Servicing Stack Updates (SSU) and Unified Update Platform (UUP) components.

Key technical details include:

• Digital signing of ESU packages with Microsoft OEM Verification certificates.
• Support for Long Term Servicing branches such as 10.0.19044 with compatibility layers in the update metadata.
• Catalog entries in the Microsoft Update Catalog under identifiers prefixed ESU, for example KB5006888 and subsequent patches.
• Integration with Windows Update for Business policies for centralized management in enterprise and education environments.

Impact on Security and Compliance

Offering an additional year of patches mitigates the exposure of legacy Windows 10 systems to unpatched CVEs, including kernel exploits and vulnerabilities in SMB and RPC services. Unsupported OS instances are frequent targets in supply chain attacks and ransomware campaigns.

Without ESU updates, critical components such as Windows Hello and Hyper-V hypervisor code remain unpatched, leaving devices vulnerable to advanced threat actor techniques cataloged in the MITRE ATT&CK framework.

Commercial organizations can still purchase up to three years of ESU under volume license agreements at tiered pricing starting at $50 per device per year. Consumer devices benefit from the free-of-charge options.

Analysis of Windows 10 Adoption Trends

According to Statcounter May 2025 data, global Windows 10 share stands at approximately 43 percent, while Windows 11 has grown to about 50 percent. In the US, Windows 11 overtook Windows 10 in March 2025, reaching 53 percent versus 43 percent on Windows 10. Steam Hardware Survey reports 61 percent Windows 11 usage on gaming PCs compared to 39 percent on Windows 10.

Expert Opinions and Deployment Strategies

1. Gartner: Validate device inventory and enforce compliance scanning before October 2025 to avoid support gaps.
2. Forrester: Integrate ESU delivery with Windows Update for Business policies to centralize patch management and reduce configuration drift.
3. CISO Advice: Use Windows Backup and Microsoft Intune to automate ESU enrollment and generate compliance reports.

Additional Considerations

Enrollment requires a Microsoft Account, aligning with the company’s broader push for cloud-based identity and single sign-on across Windows 10 and 11. Windows Backup uses OneDrive and Azure Blob storage to migrate user profiles, application settings and encrypted credentials, streamlining eventual upgrades to Windows 11.

Conclusion

By extending complimentary ESU for Windows 10 into 2026 and simplifying enrollment through Windows Backup and Rewards points, Microsoft delivers critical security reinforcement for legacy systems while guiding users toward eventual Windows 11 adoption.