
Windows 10 reaches end of life (EOL) on Oct. 15, 2025, after which point updates will no longer be provided.
With the deadline approaching, a good number of computers are still running Windows 10. The asset management company Retfab said that 86% of the 2 million assets it tracked were still running Windows 10, while July data from Statcounter showed that 42% are still running Windows 10. Windows 11 only surpassed Windows 10’s market share in June of this year.
According to Jason Himesh, co-founder of Increased.com, a creator of financial software, the biggest issue with this particular migration is that Windows 11 has specific hardware requirements that many computers don’t meet.
For machines that don’t meet those requirements, the options are to get a new computer or pay for the Windows 10 Extended Security Update (ESU) program, which will allow them to still receive security updates on Windows 10 for an additional year.
“We have seen many clients make the hard decision between paying for Microsoft’s extended support, like a digital band-aid, or replacing perfectly functional systems,” he said.
Todd Thorsen, CISO at the backup and recovery company CrashPlan, cautions IT teams to remember that the ESU is a short-term solution. If companies opt for that route, they need to plan for the eventual upgrade at the same time so that they don’t run into the same problem next year when ESU support ends.
Melissa Bischoping, senior director of security and product design research at Tanium, an endpoint management company, echoed the sentiment that many IT teams are caught off guard by the hardware requirements and compatibility checks.
She said that IT teams need to be testing critical business functions on Windows 11 while also assessing their hardware inventory to identify which systems are ready to upgrade and which need to be replaced.
This should be done as soon as possible so that IT teams can order replacements quickly to avoid supply chain delays closer to the deadline.
Kev Breen, senior director of cyber threat at security company Immersive, believes that because it took years for companies to move from XP to 7 and from 7 to 10, the migration from 10 to 11 might also take years.
This is due to a number of factors, including hardware, license costs, and the number of machines a company owns.
“This creates a prime opportunity for threat actors, where vulnerabilities are still going to be found and exploited in Windows 10 despite it being ‘retired’. With this in mind, it’s critical that organizations migrate sooner rather than later. If they cannot move quickly, then they should look at the Windows 10 ESU program to support over the migration period,” he said.
Additionally, for machines that won’t be upgraded or enrolled in the ESU program in time, he recommends ensuring that proper network segmentation, enhanced monitoring, and stricter access controls are in place for them.
“Those companies that think they will make it out of this unscathed, it’s crucial for them to understand that Windows 10 systems will soon become an extremely vulnerable target for threat actors, and it won’t be long before these companies will be struggling with ransomware,” said Thorsen. “The best strategy in this scenario is to be proactive. Get visibility now, communicate clearly with leadership and plan ahead to make this transition as smooth as it can be.”