With the first Patch Tuesday following Windows 10’s end of support approaching next week, users who continue to run the operating system should enroll in the Extended Security Updates (ESU) program to remain protected against newly discovered security vulnerabilities.
On October 14, 2025, Windows 10 reached the end of support, meaning that Microsoft will no longer provide technical assistance, feature updates, or security updates for the operating system unless you are running a Windows LTSC version.
For those who are unable to upgrade to Windows 11, whether because they don’t want to, are on older hardware, or run incompatible applications, Microsoft offers extended security updates (ESUs) that allow them to continue receiving security updates for a limited time.
For consumers, you can receive extended security updates for one additional year by:
- Paying $30.
- Backing up your Windows settings to your Microsoft account.
- Redeeming 1,000 Microsoft reward points.
Regardless of the method you use above, you will be required to log in to a Microsoft account that will have the ESU license associated with it.
Consumers in the European Economic Area have a little more leeway as they can receive ESU for free simply by logging in to Windows 10 with a Microsoft account, or pay $30 to continue using a local account.
Enterprise customers can use the ESU program for a total of three years, bringing the total cost per device to $427.
As Windows 10 extended security updates are easily accessible for free, or at least relatively cheap, for most consumers, it is recommended that anyone remaining on Windows 10 sign up for the program to stay protected.
It is common for Microsoft to patch security flaws that are actively exploited to bypass Windows 10 security warnings and gain administrative privileges, making it easier to install malware.
For example, Microsoft patched a Windows Agere Modem Driver elevation of privileges vulnerability tracked as CVE-2025-24990 in the October 2025 Patch Tuesday updates, which was actively exploited in attacks to gain administrative privileges on devices.
While Microsoft has not shared details on how it was exploited, it could have been used by malware or by threat actors with remote access to a device.
Due to new vulnerabilities being disclosed and fixed every month, it is vital to ensure you receive security updates for as long as possible, so joining the ESU program is strongly recommended.
Getting Windows 10 ESU for consumers
To be eligible for the Windows 10 Extended Security Updates (ESU) program, you must be running Windows 10, version 22H2 Home, Professional, Pro Education, or Workstations edition.
You should also make sure all available updates are installed via Windows Update, as a recent bug triggered incorrect end-of-support warnings on Windows 10 systems.
Once all the latest updates are installed, you can enroll in ESU by going into Settings > Update & Security and then clicking on Windows Update.
You should now see a message stating “Your version of Windows has reached the end of the support,” as shown below.
Source: BleepingComputer
If the Window is fully expanded, click on the “Enroll now” option under the “Enroll in Extended Security Updates to help keep your device secure” section in the sidebar. If your Windows Update window is smaller, you will not see the sidebar and will need to scroll down to find this option, as shown below..
Source: BleepingComputer
You will now be in the Enroll in Extended Security Updates wizard, which provides information about the ESU program. Click on the Next button to move to the next screen.
Source: BleepingComputer
You will now be on a screen that provides options for receiving the Extended Security updates.
If you are using a Microsoft Account, then Windows 10 automatically backs up your settings by default, unless you have disabled this feature in the Settings. If you are backing up your settings, you will be told you can receive Extended Security updates for free.
However, if you are not backing up your Windows settings, you will then be shown the different options you can use to enroll in ESU, including enabling backups, using reward points, or paying $30.
It should be noted that you can enable Windows backup at any time to get ESU updates for free by going to Settings > Accounts > Windows Backup and enabling the first toggle under “Remember my preferences.”
If you are backing up Windows settings, click on the Enroll button to continue. Otherwise, select the enrollment option and click Next.
Source: BleepingComputer
If you are not using the free option, you will now see a screen asking you to either use your reward points or a credit card to complete the purchase. Click on either the Purchase or Redeem button to complete the enrollment.
Source: BleepingComputer
Regardless of whether you received them for free, redeemed points, or purchased the license, you will now see a screen stating that your device is enrolled in the Windows 10 ESU program through October 13, 2026, when it ends.
Microsoft will also suggest that you back up your device using the Windows Backup program, but this is optional.
Source: BleepingComputer
You can now click on the Done button to close the enrollment wizard.
Your device is now enrolled in the Windows 10 ESU program, which is confirmed in Windows Update, as shown below.
Source: BleepingComputer
Windows 10 ESU in the enterprise
This article will not cover enrolling business devices in the Extended Security Update (ESU) program, as that process is more complicated.
For organizations, enrolling in the ESU program requires purchasing licenses through Microsoft Volume Licensing or Cloud Solution Provider partners. Each device must then be activated with a unique ESU key and managed using tools such as Intune, WSUS, or Configuration Manager.
For more information on enrolling Windows 10 devices into ESU in an enterprise environment, you should review this Microsoft support article.
Microsoft also announced this week that Windows 10 devices accessing Windows 365 Enterprise Cloud PCs and Windows 365 Frontline Cloud PCs can also receive free enrollment into the ESU program.
If you are interested in learning more about modern patch management solutions, BleepingComputer has a webinar next month titled “Winning the 2026 vulnerability race: Closing the gap between detection and remediation” that focuses on patch management in the enterprise, including Windows and other applications.
As MCP (Model Context Protocol) becomes the standard for connecting LLMs to tools and data, security teams are moving fast to keep these new services safe.
This free cheat sheet outlines 7 best practices you can start using today.