Microsoft has quietly expanded its Windows 10 Extended Security Updates (ESU) program, allowing consumers to receive critical security patches through October 12, 2027, an additional year beyond the program’s originally planned expiration date of October 12, 2026.

Windows 10 officially reached its end of support on October 14, 2025, leaving millions of users globally exposed to potential vulnerabilities without security patches. To ease the transition to Windows 11, Microsoft had initially launched the consumer ESU program to provide a one-year security bridge through October 2026.

However, recognizing that a large portion of the user base has not yet migrated, Microsoft has now silently updated its ESU program page to extend coverage by an additional full year. Users who are already enrolled need not take any action; their coverage automatically continues through the new end date.

What Is the Windows 10 ESU Program?

The Extended Security Updates program provides enrolled Windows 10 devices with critical and important security updates as classified by the Microsoft Security Response Center (MSRC). The program exclusively covers Windows 10, version 22H2, including Home, Professional, Pro Education, and Workstations editions.

Importantly, ESU enrollment does not include feature updates, product enhancements, or access to technical support. Its sole purpose is to reduce exposure to malware and cyberattacks during the transition period.

To qualify for the consumer ESU program, devices must meet the following requirements:

• Must be running Windows 10, version 22H2 (Home, Pro, Pro Education, or Workstations edition).
• Must have the latest Windows updates installed prior to enrollment.
• The Microsoft account used to sign in must have administrator privileges.
• The Microsoft account cannot be a child account.
• Devices in kiosk mode, joined to an Active Directory domain, or enrolled in a Mobile Device Management (MDM) solution, are ineligible for the consumer ESU program.

Microsoft offers three enrollment tiers for the consumer ESU program:

• Free — for users who have PC Settings Sync (Windows Backup) enabled.
• 1,000 Microsoft Rewards points are redeemable for enrollment.
• $30 USD (one-time purchase, plus applicable local taxes) for users without Rewards points or sync enabled.

A single ESU license can be applied to up to 10 devices under the same Microsoft account, making it a cost-effective option for households with multiple Windows 10 machines.

Enrolling is straightforward: navigate to Settings > Update & Security > Windows Update. If the device meets all prerequisites, an “Enroll now” option will appear under the end-of-support notification. Users signing in with a local account will be prompted to authenticate with their Microsoft account to complete enrollment.

Security professionals and IT administrators should treat this extension as a temporary risk-mitigation measure, not a permanent solution. Unenrolled devices running Windows 10 remain highly vulnerable to exploitation, ransomware, and zero-day attacks without active patch coverage.

Organizations managing enterprise deployments should evaluate the commercial ESU pathway or accelerate Windows 11 migration planning to avoid compounding technical debt and security exposure.

Windows Secure Boot Certificates to Expire – What IT Teams Should Do Before the Deadline.