Advertisement
Security

Windows 10 Persistence Risks Enterprise

Migration inertia leaves nearly one in six Windows devices exposed as security vulnerabilities mount for legacy operating systems.

··2 hours ago·3 min read
a close up of a computer in a dark room
Photo by Tyler on Unsplash
Advertisement

A persistent segment of the enterprise computing landscape remains anchored to Windows 10, creating a mounting security dilemma as official support windows narrow. While most organizations have moved on, a significant minority of systems cannot or will not migrate to Windows 11, leaving administrators grappling with increasingly vulnerable environments that lack a clear path to modernization.

The Stalling Migration Trend

Data from asset tracking firm Lansweeper reveals that approximately 16.9 percent of monitored Windows devices continue to run Windows 10. While this represents a decrease from figures seen a year ago, the momentum of migration has decelerated significantly. By the time Microsoft ended standard support, the percentage of legacy machines had dipped into the low-to-mid 40s, but recent tracking shows the decline has since slowed to a crawl.

This stagnation is particularly pronounced within small and medium-sized businesses, where 21.4 percent of machines still rely on the aging platform. Financial constraints often dictate these choices, but sector-specific requirements—such as those found in healthcare and pharmaceutical industries at 23 percent, or retail at 22.7 percent—suggest that hardware dependency is a primary driver for avoiding upgrades.

Vulnerability Gaps and Patch Diffing

The security implications of these holdouts are substantial. According to Lansweeper, the discrepancy in threat exposure between the two operating systems is stark:

  • A Windows 10 device carries an average of 1,903 active CVEs.
  • A Windows 11 device carries an average of 652 active CVEs.
  • This represents a 2.9x higher volume of vulnerabilities on the legacy OS.

Beyond the raw count of vulnerabilities, attackers are increasingly utilizing a technique known as patch diffing. By analyzing security updates released for Windows 11, bad actors can reverse-engineer the fixes to identify unpatched flaws in Windows 10, effectively turning the supported operating system into a roadmap for exploiting the legacy one.

Vendor Dependency and Certification

Many systems remain on Windows 10 not due to negligence, but because of rigid vendor requirements. In specialized sectors, equipment is often tied to specific operating system versions for compliance, warranty, or certification purposes, meaning an upgrade to Windows 11 could inadvertently void support or break critical functionality.

I think a meaningful share of the remaining Windows 10 estate isn't being actively unpatched by neglect. It's being held in place by vendor dependency, certification gaps, cost, or accepted risk.

— Esben Dochy, principal technical evangelist at Lansweeper

Even the Extended Security Updates (ESU) offer a temporary reprieve, with Microsoft allowing consumer devices to receive support until October 12, 2027, and commercial entities reaching October 10, 2028. However, only 14 percent of Windows 10 assets currently utilize ESU patches, and experts warn that enrollment is not a permanent solution for hardware that is fundamentally incompatible with newer standards.

The Cost of Remaining Behind

As the deadline for total support expiration approaches, organizations must confront the reality that the rising cost of new PC hardware continues to complicate fleet refreshes. For businesses, the risk is no longer theoretical; it is an active management challenge. IT administrators must now audit their estates to identify precisely which machines remain on Windows 10 and whether they are eligible for, or currently receiving, necessary security mitigations. With the pool of fully protected devices expected to shrink, enterprises that rely on legacy systems without a clear migration strategy will find themselves increasingly isolated, balancing the high cost of replacement against the escalating danger of unpatchable, exposed infrastructure.

#windows 10#windows 11#cybersecurity#microsoft#enterprise

Xploitwire Editorial Team

Xploitwire Newsroom

This article was researched and drafted with AI assistance and reviewed by our editorial team before publication. About Xploitwire →

← Back to all stories
Advertisement