Technology

Extended security updates are available. This can be activated for free using Microsoft Activation Scripts.

Microsoft tech support has been repeatedly caught using these scripts to resolve support tickets for license issues. (https://www.bleepingcomputer.com/news/security/microsoft-support-cracks-windows-for-customer-after-activation-fails/) Also, the open source MAS code is hosted on Microsoft-owned Github, so they are appearantly not very concerned with people taking advantage of this exploit.

If you go this route, please also see the FAQ entry here. There is currently a glitch with commercial ESU keys (which this uses) and Windows Update will continue to claim that your device will no longer receive security updates. This is also effecting W10 LTSC systems. However, you can verify that the license key is active through Command Prompt and instructions are given in the FAQ.

See an example here:

Microsoft said both issues could allow attackers to execute code with elevated privileges, although there are currently no indications on how they are being exploited and how widespread these efforts may be. In the case of CVE-2025-24990, the company said it's planning to remove the driver entirely, rather than issue a patch for a legacy third-party component.

The security defect has been described as "dangerous" by Alex Vovk, CEO and co-founder of Action1, as it's rooted within legacy code installed by default on all Windows systems, irrespective of whether the associated hardware is present or in use.

New attack vectors are found constantly. Having no support can very likely result in a system that can be automatically breached in a few weeks to months.

As long as you don't have a public IP on your device and are in a trusted network you should be fine. But if you use a public wifi or somehow expose a port to the internet you're increasingly vulnerable for each day after the last security update.

There's always going to be vulnerabilities, that's why they're ending support. They don't want to spend time updating an OS they don't want people using.

Windows 10 is probably fairly secure... today. In 2 years, someone might discover a new vulnerability, and you won't get the update. If there's a new way to do web security and the browsers need OS support to implement it, you'll be stuck on legacy security settings.

Short term honestly likely fine for your avg person. After even six months tho I wouldn't trust using it for banking, government sites or anything more sensitive then looking at cat memes.

If you want to keep running Win10, look into 0patch. They do in memory patching and are MUCH smaller, it's what a real OS manufacturer would put out.

Its probably more lazy than anything. Security always depends on what you need to protect. If you want to keep using it, dont keep sensitive information on it. People will target vulnerabilities in Windows 10 as time goes on.

I wouldn't be surprised if there's a conspiracy where Microsoft purposely left a massive hole in windows 10. And they are going to attack their own system in 2 months and be like "oh noez, welp guess you have to come to windows 11".