Windows 10 Deadline Looms: How to Stay Protected Beyond 2025

Free support ends October 14, 2025; new KB5063709 unlocks Extended Security Updates enrollment to keep critical patches flowing through October 2026.

Microsoft is warning Windows 10 users that free security updates end on October 14, 2025. A new cumulative update, KB5063709, enables a built-in enrollment flow for the Extended Security Updates (ESU) program, offering another year of fixes to October 13, 2026. Edge and WebView2 will still receive updates on Windows 10 until 2028.

With less than two months before Windows 10 reaches end of support, Microsoft has issued a final security warning: after October 14, 2025, no more free fixes. A fresh update, KB5063709, now exposes an “Enroll in Extended Security Updates” option inside Windows Update to help users secure one more year of patches.

• End of free support: Windows 10 (22H2) stops receiving free security updates on Oct. 14, 2025.
• Bridge program: Microsoft’s Consumer ESU extends security fixes to Oct. 13, 2026; enrollment is now available from Settings after installing KB5063709.
• Browser exception: Microsoft Edge and WebView2 Runtime will keep updating on Windows 10 through at least Oct. 2028—even if you don’t buy ESU.
• Scale: Windows 10 still represents roughly 43% of active Windows desktops worldwide (Statcounter, July 2025).

“After October 14, 2025… Microsoft will no longer provide security updates or fixes.” — Microsoft support page. Microsoft Support

“KB5063709… includes a fix for a bug that prevented enrollment in extended security updates.” — BleepingComputer (Aug. 12, 2025). BleepingComputer

“Edge and the WebView2 Runtime will continue to receive updates on Windows 10… until at least October 2028.” — Microsoft Edge lifecycle. Microsoft Learn

A separate storyline continues to roil the transition: a California lawsuit alleges Microsoft set the 2025 cutoff to push AI-ready PCs; Microsoft points to ESU as a safety net, but litigation underscores user anxiety about older, ineligible hardware.

What’s changing on Patch Tuesday:

• KB5063709 (Aug. 2025): Required to expose the ESU enrollment UI under Settings → Update & Security → Windows Update. It also resolves the enrollment-wizard crash and rolls in July’s security fixes (including one zero-day).

Enrollment mechanics (consumer ESU):

• Prereqs: Windows 10 22H2, admin rights, and Microsoft account sign-in (local accounts are not supported for ESU).
• Cost options: $30 one-year ESU, 1,000 Microsoft Rewards points, or free if you enable OneDrive settings sync—all visible in the built-in wizard after KB5063709.

Risk surface if you skip ESU:

• Unpatched remote code execution and privilege-escalation flaws accrue monthly across the kernel, Win32k, networking stack, printing, and driver ecosystems. Even with a supported browser, OS-level exposures (SMB, RPC, LSA, Credential Guard bypasses) remain unmitigated. (Derived from Microsoft monthly CVE cadence; see KB5063709 advisory context.)

Mitigations checklist (if you must remain on Windows 10):

1. Enroll in ESU and keep Windows Defender/EDR signatures current.
2. Harden attack surface: disable legacy protocols (SMBv1), restrict RDP, enforce LSA protection, and require smartcard/Windows Hello where possible. (General guidance aligned with Microsoft security baselines.)
3. Application control: enable ASR rules and Smart App Control-equivalents; prefer standard user rights.
4. Network containment: segment legacy Windows 10 devices; use firewall allow-lists and zero-trust access.
5. Browser updates: keep Edge/WebView2 current; isolate risky web apps in Application Guard where available.

Impact & Response

Who’s affected: Home users, SMBs, schools, and agencies still running Windows 10—hundreds of millions of devices globally. Statcounter shows Windows 10 usage near 43% in July 2025, meaning a large residual population will face patch gaps without ESU.

Actions to take now:

• Install KB5063709, then open Windows Update → Enroll in Extended Security Updates and choose a plan.
• Plan upgrades to Windows 11 24H2+ or supported alternatives; Microsoft reiterates Oct. 2025 as the firm cutoff for free updates.

Long-term implications: Expect shrinking driver/app support and rising exploit availability on unpatched systems, even as browsers continue to update through 2028.

Background

Microsoft set Windows 10 22H2 as the final feature version and has repeated the Oct. 14, 2025 deadline since 2023–24 guidance. ESU is designed as a temporary bridge, not a multi-year extension. Browser support to 2028 offers partial protection, but it does not replace OS security hardening.

• “ESU buys time—but not immunity. Treat it like a controlled exit ramp: enroll now, apply strict hardening (kill SMBv1, lock down RDP, enforce LSA protection), and move critical workloads to supported platforms within 12 months. The cost of delaying migration will be paid in incident response.” — El Mostafa Ouchen, cybersecurity author & practitioner.
• Microsoft (support notice):
  “After October 14, 2025… we will no longer provide security updates or fixes.”
• BleepingComputer (on KB5063709):
  “The update… fixes a bug that prevented enrollment in extended security updates.”
• Microsoft Edge team (lifecycle policy):
  “Edge and WebView2 will continue to receive updates on Windows 10 until at least October 2028.”

Conclusion

Microsoft’s warning is unambiguous: Windows 10’s free patch era ends on October 14, 2025. The KB5063709 + ESU path is a short-term safety measure to October 2026, not a strategy. Organizations and households should enroll if needed—but prioritize upgrading or retiring Windows 10 endpoints to reduce exposure as exploit pressure rises.