Windows 10 security flaws leave millions vulnerable

Windows 11 is the latest and greatest operating system from Microsoft, but it has its flaws, so much so that even four years after its release, some people are sticking with older versions. Windows 10 remains the operating system of choice for many, even though Microsoft has shifted its focus entirely to Windows 11. In fact, the Redmond-based company will end security updates for Windows 10 this October.
If that's not enough to push you toward upgrading, the latest news might be. The 240 million Windows 10 users are vulnerable to dozens of security vulnerabilities, six of which are reportedly already being exploited by bad actors.
The vulnerabilities in question were part of a recent Microsoft Patch Tuesday update, a monthly release where the company addresses security flaws. In this case, six specific exploits were identified as being actively used by hackers to target Windows 10 systems. These exploits are particularly alarming because they are already in the wild, meaning attackers are leveraging them to compromise systems before all users have had a chance to update their devices.
The affected population, estimated at 240 million, refers to users whose PCs cannot upgrade to Windows 11 due to hardware limitations, such as lacking TPM 2.0 (Trusted Platform Module) or other system requirements.
The six exploits include a mix of flaws that allow hackers to achieve various malicious outcomes, such as executing arbitrary code, escalating privileges to take full control of a system or bypassing security features.
For example, one exploit might overload system memory to overwrite critical data (a buffer overflow), while another could allow attackers to access sensitive information by exploiting a flaw in the Windows Kernel. These vulnerabilities are especially dangerous because they can be triggered remotely or through seemingly innocuous actions, like opening a malicious file or mounting a compromised virtual hard disk.
Microsoft has released patches to address these issues, and America's Cyber Defense Agency has urged users to update their systems immediately, ideally by this month, or risk severe consequences. The agency even suggested turning off unpatched computers as a precaution. Updating to the latest Windows 10 patch is the simplest and most effective way to protect against these exploits right now.
However, a bigger problem looms later this year. Microsoft will officially end free security updates for Windows 10 on October 14, 2025. After that, systems running Windows 10 will no longer receive critical security patches, unless users enroll in Microsoft's Extended Security Updates (ESU) program.
This ESU program will be available to individual users for the first time and will cost $30 per device for one additional year of updates. It's designed to give users more time to transition, especially those who can't upgrade to Windows 11 due to hardware limitations. While this offers a temporary reprieve, it's not a long-term solution; the ESU program will only extend support for a limited time (typically three years in enterprise settings) and prices may increase annually.
The scale of the problem remains significant. Millions of devices lack the hardware requirements for Windows 11, such as TPM 2.0 and newer CPUs, making the shift costly or impractical for some. Analysts warn this could contribute to a surge in electronic waste, unless recycling and repurposing efforts improve dramatically.
If you're a Windows 10 user, the immediate step is to ensure your system is updated with the latest patches. Follow the steps below to do that:
1) Use strong antivirus software: Even with the latest patches, no system is entirely immune to threats. Strong antivirus software can act as a second line of defense, detecting and neutralizing malware that exploits vulnerabilities before they cause harm. Look for solutions with real-time protection and frequent updates to tackle emerging threats. While this won't fix unpatched system flaws after October 2025, it can reduce risks from common attack vectors like phishing or malicious downloads. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
2) Limit exposure: Many exploits rely on user interaction, such as clicking a shady link, downloading a compromised file or mounting an untrusted virtual disk. Stick to reputable websites, avoid opening unsolicited email attachments and use a browser with built-in security features (like Microsoft Edge or Chrome with Safe Browsing enabled).
3) Plan for the future: The clock is ticking on Windows 10's security updates. If your hardware can't handle Windows 11, weigh your long-term options. Buying a new PC might be inevitable, but you could also explore alternatives like Linux, which offers free, secure operating systems (e.g., Ubuntu or Linux Mint) that run well on older hardware.
The road ahead for Windows 10 users is anything but smooth. With critical vulnerabilities emerging and official support coming to an end, millions are being pushed into a difficult decision. They can upgrade their hardware, pay for temporary patches or continue using increasingly vulnerable systems. As October draws closer, the risks will only increase. Updating your system is essential, but it's just a short-term measure. Now is the time to start preparing for what comes after, before the window of protection closes for good.
Do you think tech companies are doing enough to prevent hackers from obtaining your data? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Follow Kurt on his social channels:
Answers to the most-asked CyberGuy questions:
New from Kurt:
Copyright 2025 CyberGuy.com. All rights reserved.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Forbes

an hour ago

• Forbes

GenAI Won't Replace Doctors, But It Could Make Them Miserable

No matter how powerful generative AI becomes, physicians will still have jobs. But will those jobs ... More be fulfilling or soul-crushing? Will AI replace doctors? A year ago, most physicians would've confidently answered 'no.' Medicine, they'd argue, is too complex, too personal, too human to be handled by machines, no matter how advanced. Now, that confidence is starting to waver. Physicians, like other highly educated workers, are watching what's happening in another once-secure, intellectually demanding profession: computer programming. Not long ago, coding was considered one of the most prestigious and future-proof careers in the modern economy. The brightest students pursued software engineering, drawn by high salaries, strong demand and the appeal of solving complex problems. Programmers were irreplaceable. Until they weren't. From Amazon to Meta to Salesforce, tech companies are laying off engineers by the thousands. At Microsoft, generative AI already writes a third of the company's code, and some experts predict it could eliminate two-thirds of programming jobs by decade's end. Companies like Shopify and IBM have gone even further, requiring managers to justify hiring humans over AI or freezing new hires for roles they believe GenAI tools will soon replace. In medicine, large language models already outperform physicians at diagnosing complex cases and answering patient questions. But that doesn't mean clinicians are at risk of losing their jobs. Here are three reasons GenAI won't replace doctors — followed by one major caveat. 1. Too Few Doctors, Too Much Work Across hospitals and clinics, American healthcare is already stretched beyond capacity. The American Medical Association projects a shortfall of up to 124,000 physicians by 2036, including 48,000 in primary care alone. Three major forces are driving this shortage: Bottom line: The physician shortage is real and getting worse. GenAI can help fill the gaps, but it won't eliminate the demand for human clinicians. 2. Cutting Doctors Is A Poor Way To Cut Costs In most industries, replacing high-salaried workers with technology is the fastest path to profitability. But in healthcare, that approach misses the point entirely. Take primary care as an example. It's the backbone of the U.S. medical system, yet it accounts for less than 5% of the nation's $4.9 trillion in healthcare spending. Only half of that percentage goes to salaries. So, even if we eliminated half of all primary care physicians (an unthinkable move), total costs would drop by just 1.25%. In healthcare, the greatest opportunity for cost savings is in preventing and better managing chronic diseases like diabetes, hypertension and long-term heart failure. According to the CDC, improving prevention and chronic disease management could prevent 30–50% of their complications (heart attack, stroke, cancer and kidney failure). Avoiding these catastrophic medical events would save an estimated $1.5 trillion annually. Value-based care models have already demonstrated what's possible. Studies from leading health systems show that investing in proactive, team-based primary care reduces hospitalizations, improves outcomes and lowers annual per-patient costs by up to 23%. That's where the right combination of clinicians and generative AI offers the greatest value. Between visits, GenAI can track symptoms, alert patients to necessary medication changes and identify complications before they turn into crises. Paired with 24/7 telemedicine, GenAI can provide patients with real-time expertise and care for routine concerns, flagging serious problems when doctors aren't normally available. Bottom line: Controlling chronic disease offers 20 times the savings of cutting primary care jobs. Ultimately, the greatest cost reductions will come from better health, and the best way to achieve that is pairing generative AI with skilled clinicians and empowered patients. 3. AI Can't Replace Human Connection Generative AI is becoming more skilled with every update. In a recent dual study, ChatGPT provided answers to routine patient questions originally fielded by doctors. When clinicians and patients reviewed the anonymized responses, the AI was rated better than physicians in both quality and empathy. But when the stakes are high — life-altering cancer diagnoses or complex treatment decisions —patients want a trusted human at their side. Abraham Verghese, my colleague at Stanford and a bestselling author, notes: 'Medicine at its heart is a human endeavor … the physician‑patient relationship is key; all else follows from it.' He emphasizes the ritual of the physical exam as transformative, a structured encounter that seals trust, communicates care and calms fear. Studies show that the doctor's touch reduces anxiety, boosts patient satisfaction, and even improves clinical outcomes. Bottom line: Even when data show that generative AI is more accurate, patients still want to talk with a human when facing complex or life-threatening decisions. A Caution Against Complacency No matter how powerful generative AI becomes, physicians will still have jobs. But will those jobs be fulfilling or soul-crushing? That depends on what doctors do next. If private equity firms or for-profit health insurers determine how GenAI is integrated into medicine, the technology will be used primarily to increase productivity: faster diagnoses, shorter visits, less support staff. Yes, technology can streamline tasks. But unless clinicians shape its deployment, GenAI will be used primarily to drive productivity, making today's problems worse for both clinicians and patients. By contrast, if physicians take the lead, they can harness generative AI to improve patient health, reduce burnout and lower costs by preventing complications like heart attacks, strokes, cancer and kidney failure. But that success will require more than technological tools. Doctors must organize into high-performing medical groups, integrate GenAI into all aspects of clinical care and negotiate payment models that reward improved outcomes — not just higher volume. Bottom line: Bottom line: GenAI can cut corners or improve care, but not both. It can boost profits or improve lives, but not both. The path we take will depend on who takes the lead.

Newsweek

an hour ago

• Newsweek

'Always On,' How Workers Are Suffering From 'Infinite' Work

Based on facts, either observed and verified firsthand by the reporter, or reported and verified from knowledgeable sources. Newsweek AI is in beta. Translations may contain inaccuracies—please refer to the original content. Though "Infinite Workday," might sound like the title of a sci-fi film, it's a reality for many Americans, according to a recent report from Microsoft. The tech giant released their 2025 Work Trend Index Annual Report this week, which highlighted the relentless nature of the modern workday. Newsweek spoke to the experts to find out more about the "infinite workday," and how they are impacting Americans. The Context The phrase infinite workday refers to being constantly connected to work, from dawn until late at night. A spokesperson for Microsoft told Newsweek that "The infinite workday perfectly speaks to how we all feel. Work has reached peak inefficiency, and we can't look away." Composite image of a stressed worker, a clock, a laptop and a note reading, "Back to work." Composite image of a stressed worker, a clock, a laptop and a note reading, "Back to work." Photo-illustration by Newsweek/Getty/Canva What To Know Microsoft reported that the average employee receives 117 work emails each day, 153 Teams messages each day, has 2 minutes between interruptions (be it a meeting, call or message) and that 57 percent of meetings are called in the moment and do not have a calendar invite. In an email shared with Newsweek, a Microsoft spokesperson said that U.S. users average 155 chat messages per person each day, which is just above the global average. U.S. workers averaged 155 chat messages per person per day—just above the global average of 153. For email, U.S. workers send an average of 120 emails per person per day, which again is just above the global average. The intensity of the workday comes at a time when workplace satisfaction is increasingly low. In May of 2025, Glassdoor released their Employee Confidence Index and found that only 44 percent of U.S. workers feel optimistic about their company's prospects—the lowest reading ever recorded. Gallup meanwhile reported in a 2024 that employee engagement was at a 10-year low, with enthusiasm and involvement both dropping sharply. Meanwhile, The State of the Workforce Report from MeQuilibrium, which analyzed findings from 5,477 employees across various industries, found that 35 percent of employees feel worse about their work situation and 49 percent feel worse about their finance. Why Is Work Stress So Prevalent in America? Though Microsoft's study is not country specific, the problem of the infinite workday is a pervasive one for Americans. According to data from the Bureau of Labor Statistics, the average working week for all employees, including part time employees in private industries as of 2022 was 34.5 hours. Though the Fair Labor Standards Act sets a standard workweek of 40 hours, for most U.S. workers, there is no federal limit on how many hours you can work in a week. Newsweek spoke to Juliet Schor author of Four Days a Week: The Life-Changing Solution for Reducing Employee Stress, Improving Well-Being and Working Smarter. "U.S. workers have longer hours than people in other high-income countries," she told Newsweek via email. As for the factors driving this, Schor pointed to a "lack of legal protections to turn off devices, high numbers of companies with outsourced teams so there's a need to work across time zones, weak levels of unionization, long hours culture and high health care costs borne by employers." Newsweek also spoke to Ellen Ernst Kossek, distinguished professor emerita of management at Purdue University, who said that U.S. culture itself, "Really emphasizes work," and that "The U.S. identity is linked really heavily to work." She highlighted the right to request flexible working and right to disconnect laws in other countries like the U.K. and said that by comparison the U.S. is more "always on," and that there is an expectation to be online. Vili Lehdonvirta, professor of technology Policy in the Department of Computer Science, Aalto University, Finland, echoed this point. "In many sectors, like technology and finance, there is an expectation that workers should be available to their employers also outside formal working hours, and this norm is probably stronger in the U.S. than in many places in Europe." Lehdonvirta pointed to different technology adaptations and urban planning as playing a potential role in this. He said that mobile devices like Slack and Microsoft Teams makes "always-on culture easier to enact in practice." Speaking to Newsweek over email, Stewart Friedman, emeritus practice professor of management at the Wharton School at the University of Pennsylvania, said, "Norms about boundaries between work and the rest of life vary across countries and they are resistant to change." He said that though people in the U.S. work longer than those in Europe, they are "less burdened," by work than people in South Korea or Japan. "The values underlying national or regional cultures play a big role in determining expectations about the parts of life to which we allocate our attention." How 'Always On' Work Culture Negatively Impacts Employees We know that workers are indeed always on, but how is this impacting them? For Schor, the risks are clear. "Workers burn out, have health problems and as a result do lower quality work and are more likely to quit," she said Lehdonvirta told Newsweek, "Studies suggest that workers in an always-on work culture experience more work-home-interference, fatigue, and other negative consequences." A 2019 study from Myers-Briggs surveyed 1,000 people about always-on culture and found that people who were able to access calls and emails for work outside of hours were more engaged in their job, but more stressed. The study found that 28 percent of always on employees said they couldn't mentally switch off, while 20 percent reported mental exhaustion. According to Lehdonvirta, the consequences of this vary. "Worker-controlled flexibility over when to carry out duties can even be a positive thing for combining work with other commitments. Organizational culture and the behavior of supervisors as role models matters," he said. "People do have different styles of working," Kossek said, noting that people may work out of hours to enable taking breaks at other times in order to help balance work-life responsibilities. "There is a risk to working odd hours," Kossek said, noting that "We can make unhealthy choices," such aa checking emails on weekends or vacations when it's not an emergency. Kossek highlighted that workers are also bringing the job home with them. "Think about two hands going back and forth, representing emails and texts going into crossing borders into home, home into work," she said, There is a "high pattern of integration here," Kossek said, and likened the amalgamation of work and home life to trying to text while driving. The Entry of Artificial Intelligence Microsoft's report comes as the world of work is being rapidly changed by the increasing prevalence of Artificial Intelligence. AI is a polarizing topic—some liken it to a new industrial revolution, while others are sounding the alarm on ethical and environmental concerns. But how will it impact the workplace? Will this new technology rebalance the rhythm of the working day, or will it hit the gas pedal on an already unsustainable work pace? A spokesperson for Microsoft told Newsweek "At a time when nearly every leader is trying to do more with less, we have a real opportunity—not to speed up a broken system, but to refocus on the 20 percent of work that drives 80 percent of the impact, to reorganize into flatter, more agile teams, and to pause long enough to learn how to use AI—not just to support the work, but to transform it." Schor though, said that "AI can go either way." "It can lead to job stress, unemployment and higher productivity requirements. But it can also be a way to enhance productivity," she said. Lehdonvirta shared a similar sentiment. "It depends entirely on what they can do," he said, adding that if these tools "genuinely help people," to off-load tasks then they could help to achieve "sustainable working styles." However, "If they become yet another notification that interrupts you, or yet another inbox that needs to be dealt with, then the consequences may be different." Friedman told Newsweek, "To the extent that AI tools give greater freedom and flexibility in determining how we allocate our attention to the people and projects about which we care the most, then they can be useful in helping us produce greater harmony and impact as leaders in all the different parts of our lives." What's Next The workforce is rapidly changing, but more change may need to come to tackle always on culture. "We have to come up with new norms for managing, when we're on and when we're off work and new ways of communicating," Kossek said. Schor said, "When workloads increase, reducing hours can often make it easier to do all the work," this is because "people are most rested and less burned out." A good work life balance is key in this, but it takes commitment. "People are trying to be great employees, but also have a rich personal life," Kossek said. Friedman told Newsweek that "learning how to manage boundaries between different parts of life," like "work, home, community," is possible. But "it takes conscious effort and continual experimentation."

Digital Trends

3 hours ago

• Digital Trends

Apple needs an AI magic pill, but I'm not desperate for it on macOS

Over the past few months, all eyes have been fixated on Apple and what the company is going to do with AI. The pressure is palpable and well deserved. Google has demonstrated some really compelling AI tools, especially with Project Astra and Mariner, that turn your phone into something like an all-knowing, forever-present digital companion. The likes of Microsoft, OpenAI, Claude, and even Amazon have shown some next-gen AI chops that make Siri feel like an old prototype. But there is a fine distinction between using AI on phones and how they flesh out on a computing machine, like a MacBook Air. Recommended Videos You don't really talk to an assistant like Siri on a desktop I often run into scenarios where AI is useful on a phone, like Visual Intelligence, which can make sense of the world around you based on what you see through the camera feed. The Mac doesn't really need it, primarily because it lacks a world-facing camera. And second, you can't ergonomically point the Mac's webcam at an object — especially in a public place — like you would with a phone in your hand. But the problem with the whole 'Apple must do AI better' is suited well for mobile devices, and not really Macs, which rely on a fundamentally different mode of input-output, and how we get work done in apps and software. I've used my fair share of AI-first Copilot+ laptops running Windows, and I feel strongly that Apple's AI efforts don't need an urgent focus on macOS, as much as they do on mobile devices, for a few reasons. The Mac is already well fed Bloomberg's Mark Gurman, in the latest edition of his PowerOn newsletter, argued that Perplexity is a nice target for Apple to scoop up an AI lab of its own and get its hands on a ready-made AI stack. Perplexity's answering engine is pretty rewarding, it's not too expensive (by Apple standards), and it works beautifully on iPhones. Over the past couple of quarters, the company has launched a whole bunch of integrations across Telegram and WhatsApp, Deep Research mode, a reasoning AI model, a shopping hub in partnership with Amazon, media generation and image uploads, search through audio and video files, among others. There are just two problems, especially with accessing Perplexity on a Mac. First, it can already do everything in its role via the Mac app and web dashboard, so an integration at a deeper level with Mac won't be solving too many computing problems. Second, ChatGPT is already integrated deeply within Siri and the Apple stack, and it's only a matter of time before both of them step up. Let's be honest here. Perplexity is a cool product, but not exactly revolutionary in the sense that it can elevate the macOS experience significantly. Enterprise AI is a different beast, but for an average user, every AI tool out there — Gemini, ChatGPT, Copilot, Claude, or Perplexity — exists as its own web tool (or app) where you truly get the best out of it. So, what about integrations? Well, they would depend on the tools at hand. A huge chunk of the computing market either relies on Microsoft and its Office tools or Google's Workspace products, such as Docs, Drive, Sheets, and more. From Windows to Office, Copilot is now everywhere. Similar is the situation with Gemini and Google software. Now, millions of Mac users actually use these tools on a daily basis, and Apple doesn't offer a viable replacement of its own. Moreover, there isn't a chance that Google will allow Apple's AI to penetrate deeper into its Workspace than Gemini. Microsoft won't do any different with Copilot and Office. Plus, it's hard to imagine an external AI working better in Docs or PowerPoint than Gemini and Copilot, respectively. The space is already tight, but more importantly, well-fed. And let's not forget, OpenAI and its GPT stack are very much baked at the heart of macOS. If Apple wanted to build integrations, OpenAI offers arguably the most advanced AI tech stack out there. Adding any more AI at the system level would only add to the confusion for an average Mac user, without solving any real problems. The space of an extra AI player on the Mac is tighter for another reason: Apple's Foundation Model framework, which works on-device as well as in cloud-linked format, but with utmost privacy. Apple says it will allow developers to build a 'personal intelligence system that is integrated deeply into iPhone, iPad, and Mac, and enables powerful capabilities across language, images, actions, and personal context.' In a nutshell, Apple's own foundation models are available to developers so that they can build AI experiences in their apps. The best part? It's free. It's not nearly as powerful as the models from OpenAI or Google, but for getting work done locally — like cross-app workflow, intelligent file search, and more — they should come in handy without any privacy scares. The productivity question The M4 MacBook Air is my daily driver these days, and it's a fantastic machine. And I use AI tools heavily on a daily basis. Yet, I have never felt macOS to be an AI bottleneck for me. Every AI tool that I rely on is either already integrated within the software of my choice or available as its dedicated app or website. Yet, the whole notion of turning a product into an AI product baffles me. It makes sense for a phone, like the Pixel 9, but not so much for a laptop. I have tested five Copilot+ Windows machines so far. Yet, the core benefits they offer — snappy performance, instant wake, and long battery life — have little to do with user-facing AI. I was able to use Gemini or Copilot just as fine on a regular Windows laptop as I was able to extract their benefits on a Copilot+ machine with a minimum 45 TOPS AI capability. The Mac is no slouch, and interestingly, all the AI tools in my productivity workflow can be accessed just fine on macOS as they are available on Windows. There are a few exclusive perks, like Windows Recall, but they are not a must-have for the average computer user out there. And let's not forget that Apple already has the foundations ready, and we are going to see the results next year. When Apple introduced the M4 MacBook Air, the company focused on its AI chops, but what flew under the radar was Apple's App Intents Framework, which integrates effortlessly with Apple Intelligence. In simple terms, any app — whether AI or not — can embrace the benefits of on-device AI processing, such as awareness of on-screen content, in a native macOS environment. Now, it's valid to criticize Apple for its AI missteps. I am at a stage where I use Gemini everywhere on my iPhone, from the lock screen widgets to the dedicated app, instead of Siri. But that's not the situation with Macs. For my workflow, and a whole bunch of Mac users' out there, they're not gasping for a next-gen Apple AI. What they need is a reliable machine to run the AI of their choice. Even the cheapest Mac can meet those requirements.