VYPR
patchPublished Jul 16, 2026· 1 source

Windows 10's Lingering Presence Creates Significant Security Debt

A substantial portion of Windows 10 devices remain in use, posing a growing security risk as official support wanes and Extended Security Updates approach their end dates.

Despite Microsoft's push for Windows 11 adoption, a significant number of Windows 10 devices continue to operate, creating a substantial security liability for organizations. According to data from asset tracking service Lansweeper, approximately 16.9% of monitored Windows devices still run Windows 10. This figure represents a notable slowdown in migration, with the operating system's market share having fallen from around 50% a year ago to the mid-40s by the end of standard support, and now continuing to decline at a much slower pace.

The primary concern is the eventual cessation of security updates. While consumer devices have until October 12, 2027, and commercial entities can extend coverage through the Extended Security Updates (ESU) program until October 10, 2028, these are temporary measures. After these dates, systems running Windows 10 will no longer receive patches for newly discovered vulnerabilities, leaving them increasingly exposed.

Small and medium-sized businesses (SMBs) are particularly vulnerable, with Lansweeper reporting that 21.4% of their monitored devices still use Windows 10. Cost is frequently cited as the main barrier to migration. This trend is exacerbated in specific sectors, such as healthcare and pharmaceuticals, where 23% of systems remain on Windows 10, and in retail, with 22.7% of devices still running the older OS.

The security gap between Windows 10 and Windows 11 is stark. Lansweeper data indicates that a Windows 10 device carries an average of 1,903 active Common Vulnerabilities and Exposures (CVEs), compared to just 652 on Windows 11 – a nearly threefold difference. This disparity persists even for Windows 10 devices enrolled in the ESU program, as these systems are still susceptible to unpatched vulnerabilities.

Compounding the issue is the concept of 'patch diffing.' Security researchers can analyze patches released for Windows 11 and reverse-engineer them to identify similar flaws in Windows 10. This means that the security updates for the newer operating system can inadvertently provide attackers with a roadmap to exploit vulnerabilities in the unsupported version.

Several factors contribute to the persistence of Windows 10. Vendor dependencies and certification gaps are significant hurdles. Many specialized devices, particularly in healthcare and industrial settings, are tied to specific OS versions through vendor certification. If a Windows 11-certified version of the required hardware or software does not exist, or if the vendor is contractually obligated to maintain the OS on that hardware, migration becomes complex and costly.

Furthermore, some devices are intentionally kept on Windows 10 in air-gapped or isolated environments where the perceived risk is low, and the ESU enrollment is not a priority. However, as the security landscape evolves and the end of support looms, these accepted risks could become significant liabilities. The rising cost of new hardware also discourages organizations from undertaking widespread device replacement or upgrades.

Ultimately, the continued reliance on Windows 10 represents a growing security debt. While ESU programs offer a temporary shield, they are not a long-term solution. Organizations must prioritize migration strategies, addressing vendor lock-ins and certification issues, to mitigate the escalating risks associated with running an unsupported operating system.

Synthesized by Vypr AI