240 million Windows 10 users are vulnerable to six different hacker exploits — update your PC now

If you’re running a Windows 10 PC, make sure you download the latest update right now. We now know more about what this month’s Patch Tuesday fixes, and the six actively exploited vulnerabilities could affect up to 240 million people.

In fact, this one is so important that America’s Cyber Defense Agency has put out quite a stark message: update before April 1st, or just turn off your computer to be safe.

Let’s take a closer look at this and understand the more critical problem that is slowly becoming more present for people sporting Redmond’s older OS with no way to upgrade.

The dirty dozen

Did I say “six active attacks” before? Well, that’s sort of true, but there are another six critical flaws that Microsoft is stomping out. However, these are the actively exploited vulnerabilities to worry about right now (please excuse the catchy names):

  • CVE-2025-24993: This is a common buffer overflow exploit. In simple terms, cybercriminals take advantage of a coding error to write more data into a memory buffer than it can hold, which overwrites the memory next to it.
  • CVE-2025-24991: If an unsuspecting user mounts a nefarious virtual hard disk (VHD), this bug allows a hacker to read all of your data (even all the out-of-bounds stuff).
  • CVE-2025-24984: This exploit allows an attacker to record all sensitive information into a log file for them to take. While it’s a concerning one, it does require the hacker to physically access your computer.
  • CVE-2025-26633: A simple (but risky) bypass flaw in the Microsoft Management Console.
  • CVE-2025-24985: This one also requires the hacker to convince a user to mount a VHD of their own volition. But once done, there is a privilege escalation flaw that can be exploited to take over the victim’s entire computer.
  • CVE-2025-24983: This is a system-level exploit where a hacker can run a specially crafted program that exploits the Kernel Subsystem of Windows to give an attacker top privileges to your system.

So far, as The Register reports, more than 600 organizations have been hit by just one of these, so there’s a very real risk that more will be, too. As for the remaining six, these are a series of sensitive data exploits, remote desktop client risks and vulnerabilities through Office documents.

A ticking time bomb?

I know that sub-headline is a little dramatic, but let me explain. You see, the fix for these is simple now: just update your system. But Microsoft has confirmed that security updates for Windows 10 will end on October 14th — with Redmond’s position being that you should move to Windows 11.

The warning is clear whenever you update your PC, stating that “support for Windows 10 will end in October 2025. After October 14, 2025, Microsoft will no longer provide free software updates from Windows Update, technical assistance, or security fixes for Windows 10. Your PC will still work, but we recommend moving to Windows 11.”

While the mass upgrade is in process — with a roughly 60/40 split between Windows 10 and 11 users and 2% moving to the latter each month — here’s the problem. Canalys Research has run the numbers and seen that there are 240 million users with a PC that does not support the current version of Windows.

For starters, that is going to be a catastrophic landfill problem. An estimated 1.1 billion pounds of computing equipment would be thrown out, which is the equivalent of a whopping 320,000 cars. Ultimately, that level of migration to Windows 11 is just too slow. Potentially, hundreds of millions of people will be vulnerable if Microsoft doesn’t do one of the following:

  • Continue security updates
  • Change compatibility of Windows 11 to allow for these PCs to hop over

People’s private data is at risk. Please, Redmond. Do the right thing here.

Jason England
Managing Editor — Computing

Jason brings a decade of tech and gaming journalism experience to his role as a Managing Editor of Computing at Tom's Guide. He has previously written for Laptop Mag, Tom's Hardware, Kotaku, Stuff and BBC Science Focus. In his spare time, you'll find Jason looking for good dogs to pet or thinking about eating pizza if he isn't already.
