In December, Microsoft announced that support for Windows 10 would end on October 14, 2025. However, as of July, Windows 11 has only just surpassed a 30% market share, which has raised concerns within the security industry.
According to StatCounter, Windows 11’s market share reached a peak of 30.83% in July, the highest it has ever been. In comparison, Windows 10 still held a dominant 64.99% during the same period. Windows 10, which was released by Microsoft on July 29, 2015, has remained widely used despite the launch of Windows 11 on October 5, 2021.
With just 14 months remaining until Windows 10 support ends, the fact that its user base significantly exceeds that of Windows 11 presents a major security concern. After the End of Support (EoS) date, any new vulnerabilities discovered in Windows 10 will go unpatched, leaving devices still running the system vulnerable. EoS refers to the point in a software’s lifecycle when it no longer receives updates or security patches.
The risks of not updating software have been demonstrated in numerous cases, with one of the most significant being the SQL Slammer worm attack in January 2003. This attack exploited a vulnerability that had been patched months earlier, but a critical number of servers had failed to apply the update. As a result, a Denial-of-Service (DoS) attack affected personal computers, ATMs, and card Point of Sale (POS) systems, impacting over 75,000 systems worldwide, according to the Center for Applied Internet Data Analysis (CAIDA). In South Korea, the attack caused a nationwide internet outage that lasted for more than an hour.
In an August 9 interview, Cho Seong-je, a professor at Dankook University specializing in operating systems and security, identified three main reasons for the continued widespread use of Windows 10. First, the professor suggested that after nearly a decade of using Windows 10, many users may be reluctant to switch due to unfamiliarity with the User Interface (UI) in Windows 11. Additionally, he pointed out that Windows 11 lacks certain features present in Windows 10, such as some elements in the Taskbar and Start menu that have been removed. Finally, Cho noted that some users might not have the necessary license required to upgrade to Windows 11.
Professor Cho emphasized that this is a serious situation, given that only 14 months remain until Windows 10 reaches its End of Support (EoS). He expects users who stick with Windows 10 due to familiarity to upgrade their software before the EoS date. However, he expressed concern that many other users might be unaware of the EoS date or the risks associated with not upgrading to Windows 11. He stressed the need for more public awareness about the fact that Windows 10 will no longer receive support after October 14, 2025.
Microsoft is offering guidance on how to upgrade to Windows 11. If a device meets the Windows 11 minimum requirements, it can be updated for free through Windows Update. For devices that don’t meet the requirements, an upgrade is still possible, though it may come with certain risks. Alternatively, users can opt to purchase a new device that supports Windows 11.
Related article: The man whose Log4j scanner saved the day for users worldwide
On a Saturday afternoon, a disturbing link was uploaded to a company’s communication channel containing information about vulnerabilities that were discovered in a particular software application. One member of the firm recognized the seriousness of the situation and thought to himself, “This could cause a stir.” He understood that malicious actors can exploit such weaknesses in software to compromise the security of users. While the vulnerabilities described in the link seemed quite significant, he did not imagine that he would end up doing something just as significant to address the issue. As the cloudy afternoon turned into a frosty evening, he completed the regularly scheduled work that had occupied him during the day and began writing code to address the vulnerabilities he had discovered earlier that afternoon.
On December 11, 2021, Yang Bong-yeol, working in South Korea, shared a free, simple execution file on GitHub, a collaboration platform for software developers run by Microsoft. The file, which had no user interface, offered minimal features through command lines to scan for vulnerabilities in products that make use of Apache Log4j software. Yang spent just two hours developing the scanner, but it quickly became the most downloaded scanner for Log4j vulnerabilities in the world, with over 1.2 million downloads. This number far surpasses what both Google and the United States Cybersecurity and Infrastructure Security Agency (CISA) have achieved so far. READ MORE
