The UK’s National Cyber Security Centre (NCSC) has issued a stark warning to Windows 10 users across the nation: prepare to upgrade to Windows 11 now, or face elevated levels of cyber risk in the future as Windows 10 moves into its end-of-life phase.
The national security body today released updated recommended configuration packs for Windows 10 – part of a set of recommended configurations it maintains for the main operating systems to help organisations rapidly deploy recommended baselines, saving them the bother of evaluating all the security settings themselves.
The NCSC said that despite its advanced age, the Windows 10 operating system (OS) still has a sizeable user base in the UK and many organisations are hesitant, or outright reticent, to upgrade. For many, said the NCSC, Windows 10 still works for their needs and does not look or feel particularly out of date.
However, Windows 10 was released in July 2015, and has been Microsoft’s longest-serving flagship OS. With the advent of Windows 11, released in October 2021, it is now approaching the end of the road, and will fall out of support on 14 October 2025.
In practice, this means that while the software will still function, it will no longer receive any security updates, and nor will Microsoft’s customer service teams be available to provide technical support for it. “Organisations now have just three months to urgently update their devices and hardware before Windows 10 reaches end-of-life status, putting their security at greater risk,” said Ollie Whitehouse, chief technical officer at the NCSC.
“While Windows 10 was released more than a decade ago, it is still used widely by enterprises, and not upgrading is akin to incurring a debt at a high interest rate – with the threat of forced repayment at a future date,” he added.
“The NCSC implores any organisation that has not already migrated to a more modern system to do so to help address security vulnerabilities in your devices and ensure overall cyber resilience. This is essential as demonstrated by the requirement to maintain supported software in Cyber Essentials.”
The NCSC said the risks of delaying the upgrade beyond October are manifold. In addition to the difficulties that users will experience from being out of support, outdated systems that are not receiving patches for vulnerabilities will be prime targets for threat actors, as was seen in the WannaCry ransomware incident of 2017 in which unpatched versions of Windows XP were exploited.
It added that Windows 11 offers significantly enhanced security features through Microsoft’s secure-by-default approach, including several that had to be manually turned on in Windows 10 but are now automatic, such as BitLocker encryption, Virtualisation-Based Security and Secure Launch. Other new cyber features include native passkey management, improvements to the Windows Hello identity and access management service, and changes to how default features like Credential Guard operate.
Microsoft’s guidance is to install Windows 11 on PCs that meet the system requirements and are eligible to upgrade, or to consider buying a whole new machine. Those who really need more time before moving to a Copilot+ PC or Windows 11 device can buy access to a 12-month Extended Security Update programme for $30 (approximately £22).