Security


WINDOWS 10 NEARS END OF LIFE: ARE YOU READY?


Microsoft’s decision to end support for Windows 10 in October will impact millions of organisations still relying on the operating system. In this interview, Farid Mustafayev, Software Developer and Windows Specialist at ThreatLocker, breaks down what this means for security and long-term IT strategy.


For businesses and individuals still relying on Windows 10, what are the key risks they need to be aware of? Once Microsoſt ends support, Windows 10 will no longer receive security updates, including patches for newly discovered vulnerabilities. Tis means that every future exploit targeting Windows internals, services, or outdated components will remain permanently unpatched, creating a static and widening attack surface. Worse, attackers oſten reverse-engineer Windows 11 patches to identify similar vulnerabilities in Windows 10. What gets fixed on one platform becomes a roadmap for exploitation on another. In 2024 alone, Microsoſt released over 1,000


security patches, including fixes for 22 zero-day vulnerabilities, actively exploited flaws discovered in the wild before patches were available. Many of these applied to core Windows components that still exist in Windows 10. Aſter support ends, any new zero-day will remain open indefinitely unless mitigated manually, and the volume of threats won’t slow down just because updates stop. For example, in April 2024, ESET discovered that


the Russia-aligned RomCom APT group exploited a zero-click vulnerability in Windows (CVE-2024- 29988, CVSS 8.8) in conjunction with a Firefox zero-day. Tis was used in targeted attacks that required no user interaction. On an unsupported OS, such threats become indefensible.


36 | July/August 2025 Over time, Windows 10 will accumulate


vulnerabilities that defenders can’t fix unless they implement strict compensating controls, such as application allowlisting, zero-trust security, or endpoint isolation via third-party solutions. Without these, it’s not a matter of if compromise happens; it’s when.


How do threat actors typically respond when operating systems reach end-of-support? Yes, and the response is oſten methodical rather than immediate. Sophisticated threat actors, both state-backed and criminal, are well aware when an OS reaches end-of-life. Initially, they review patch notes from supported platforms (such as Windows 11) and reverse-engineer them to identify equivalent vulnerabilities in Windows 10. Since no patches will ever be issued for those, attackers gain access to “forever-day” exploits, zero-days with no future fix. Opportunistic attackers and botnets will eventually join in, scanning the internet for known indicators of outdated Windows 10 builds. In fact, recent telemetry shows this trend


is already underway: nearly 60% of all systems compromised by infostealers in late 2024 were running Windows 10, highlighting how attractive the OS remains to attackers due to its massive install base. Tis coincides with a broader surge in cybercrime, including a 58% rise in phishing


www.pcr-online.biz


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52