Once again, previously resolved Windows vulnerabilities have resurfaced, and with them comes a serious new warning impacting at least 400 million users.
These users now need to take proactive steps to safeguard their PCs and data from potential attacks. This is a matter of timing.
The public interest advocacy group, PIRG, is advocating for Microsoft to extend the Windows 10 support that is currently available to schools, making it accessible to a broader range of users.
“In one year, Microsoft plans to end support for Windows 10,” PIRG warns, “potentially rendering up to 400 million computers obsolete overnight.
This decision could trigger the single largest surge in junked computers in history, with dire consequences for both consumers and the environment.”
Ahead of the October 2025 end-of-life deadline for Windows 10, Microsoft has granted an exception for schools, allowing them continued use. “Windows 10 expires in one year,” PIRG states, “junking millions of PCs.
We pushed Microsoft to extend support for schools, and we’re advocating for more.” The advocacy group hopes for an extension of support to home users, ideally at little or no additional cost.
According to PIRG, “Under Microsoft’s new policy, schools can keep Windows 10 computers in classrooms safe from attacks for three additional years by paying $1 per computer for the first year, $2 the following year, and $4 the third year.”
This arrangement is considerably more affordable than enterprise-level extended support. PIRG continues, “Consumers will be able to purchase extended support, although prices have not been announced… We continue to push for an automatic extension of essential security updates for Windows 10.”
While the environmental impact of increased landfill waste is a significant concern, an even more urgent security threat is emerging alongside this ticking time bomb.
Owners of the 400 million devices that may soon be obsolete, along with owners of an additional 500 million devices that are eligible to upgrade to Windows 11 but have not done so, are facing escalating risks. Two additional warnings highlight the urgency and the necessity for immediate action.
First, a previously fixed vulnerability has reappeared, causing serious concern. After security researcher Alon Leviev initially raised the issue in August, Microsoft patched two vulnerabilities related to “downdate” risks, which could allow attackers to exploit already fixed issues by rolling back updates.
However, Leviev warns that “the Windows Update takeover which was reported to Microsoft as well, has remained unpatched, as it did not cross a defined security boundary.”
This situation exists in a somewhat grey area, as any exploit requires physical, administrator-level access to the device. “Microsoft did fix every vulnerability that resulted from crossing a defined security boundary,” Leviev told Dark Reading.
“Crossing from administrator to the kernel is not considered a security boundary, and hence it was not fixed.”
It’s clear that continued support is critical to address these vulnerabilities as they arise, and it’s likely that Microsoft will address these in the future, based on past practices.
A similar approach should be taken for the Windows Theme vulnerability, now reported as a zero-day issue, which also requires attention.
“Acros Security researchers reported that even though Microsoft recently issued a patch (CVE-2024-38030) to address the associated problem, the risk was not entirely mitigated.”
The specific vulnerabilities are less important than the larger issue: hundreds of millions of users rely on automated, continuous support, which is set to abruptly end in just a year. The Windows ecosystem simply isn’t prepared for such an immediate halt in support.
PIRG warns, “The one-year countdown clock is ticking,” as it launches a petition urging Microsoft to extend support. “While Microsoft is celebrating their earnings, the company should decide to lead the technology industry to support longer lasting products.
Automatically extending Windows 10 could stop the largest surge of junked computers and help the tech giant meet its ambitious sustainability goals.” Microsoft has been approached for comment on PIRG’s appeal.
Though these sustainability goals are commendable, the security risks are even more pressing.
As the clock counts down, Windows users around the world face a looming threat, and it is likely that attackers will exploit any newly discovered vulnerabilities if this confusion over support persists.