Windows 10 officially reached end of life on October 14, 2025. Microsoft is no longer releasing security patches for it. No fixes, no updates, no protection against newly discovered vulnerabilities.

Five months later, a lot of businesses are still running it.

We’re not going to tell you that’s automatically catastrophic. But we are going to tell you what we actually tell our clients — which is a more nuanced conversation than most of what you’ll read about this.

What “end of life” actually means

When Microsoft stops supporting an operating system, it stops patching security vulnerabilities. New ones get discovered all the time, and attackers find out about them just as fast as anyone else. The difference is that on a supported OS, there’s a fix coming. On Windows 10 right now, there isn’t.

That doesn’t mean your computers will immediately get hacked. It means the risk profile is different, and it will keep getting worse over time as more unpatched vulnerabilities pile up.

Where things actually stand with our clients

Georgy Johnson on our team has been tracking this closely. “Right now we’re down to 3 clients and a total of 16 computers still on Windows 10,” he says. “Most of those computers are still getting updates because we applied the Extended Security Updates — ESU — so they are protected.”

The ESU program is worth knowing about if you’re in a position where upgrading right now genuinely isn’t possible. Microsoft offers paid extended security updates that keep the patches flowing for a limited period while you plan and execute a proper migration. It is not a permanent fix — but it buys time without leaving machines completely exposed. If you have a managed IT provider, they should already know whether this applies to your situation.

Why most businesses haven’t upgraded yet

We talk to a lot of businesses across the Lower Mainland who are still on Windows 10, and the reason is almost never cost or complexity. It’s that they don’t fully believe the risk applies to them.

And honestly, that’s understandable. If you’ve never been through a ransomware incident, it’s genuinely hard to feel the weight of one. You can read statistics but they tend to bounce off. The mental math of “this probably won’t happen to me” feels more real than the math of “if it does happen, here’s what it costs.”

The businesses we see take security seriously are almost always ones that have been through something. A colleague got hit. Their own files got encrypted once. They lost a week of work to a breach. That kind of experience changes how you think about risk in a way that statistics don’t. So when we’re having this conversation with a skeptical prospect, we try to make it concrete rather than just citing numbers.

Georgy put it plainly: “I have not seen a security incident occur because a client was still on Windows 10 — but only time will tell.” That is the honest answer. The risk is real and it grows over time, but it hasn’t bitten every business yet. The question is whether you want to wait until it does.

The honest advice: it depends on your risk tolerance

Here’s what we actually tell businesses who are still on Windows 10.

What would it cost your business if your computers were inaccessible for three days? A week? What if your files were encrypted and you had to decide whether to pay a ransom or rebuild from backup? Add up the realistic number. Then compare it to the cost of upgrading. That’s not rhetorical — it’s a real calculation, and it’s different for every business.

If you’d lose serious revenue from a few days of downtime, the answer is pretty clear. Upgrade now.

If you think your business could absorb it — or if the timing genuinely doesn’t work right now — there are ways to reduce your exposure in the meantime. A robust firewall, a decent third-party antivirus solution, and regular security awareness training for your team can meaningfully lower the chances that a vulnerability gets exploited. None of that makes Windows 10 safe. But it’s better than nothing while you plan. And if ESU applies to your situation, that’s worth exploring too.

What the upgrade actually looks like

The assumption most businesses have is that it’s going to be painful and disruptive. It doesn’t have to be.

We’ve been doing Windows migrations for 15-20 years across our clients here in the Lower Mainland, through every major version release. When it’s planned properly, it’s smooth. For businesses that need high uptime, we can migrate machines over a weekend or overnight. For most, a tiered approach works well — a few computers at a time, working through the fleet over a few weeks without disrupting day-to-day operations. Every client we’ve taken through this has said the process was painless.

The thing that makes upgrades complicated is when they’re reactive. Waiting until something goes wrong and then urgently migrating 20 computers while also dealing with an incident is a genuinely bad situation. Doing it on your schedule, with some lead time, is a completely different experience.

A note on managed IT relationships

For businesses with a managed IT provider, transitions like this should be largely a non-event. Keeping clients ahead of end-of-life deadlines is a core part of what a managed IT relationship is supposed to do. Most of our clients are already on Windows 11 or have a migration scheduled.

If you’re a managed IT client somewhere and your provider hasn’t brought this up, it’s worth asking why.

The short version: running Windows 10 isn’t automatically a crisis, but the risk grows over time and the upgrade is easier than most businesses expect. If you’d like to know which of your machines are still on Windows 10, whether they can run Windows 11, and what a realistic migration looks like for your business, we’re happy to take a look.