Windows 10 End of Life: The risks to your research

Published: October 3, 2025


Why this matters now

Windows 10 stops receiving security updates (also known as end of life) on October 14, 2025, unless the device is enrolled in Microsoft’s Extended Security Updates (ESU) program. Microsoft 365 Apps (Word, Excel, etc.) will still receive security updates on Windows 10 until October 10, 2028, but the operating system itself remains unsupported.

How can I check my Windows version?

Microsoft provides several ways to confirm which version of Windows your device is running. For more information, please visit: What version of Windows am I running? (microsoft.com)
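
For a lab with more than a handful of machines, the same check can be scripted so the result feeds the device inventory described below. The following PowerShell is an added example, not part of the original page or of Microsoft's guidance; the function name `Get-Win10EolStatus` and the output file `win10-inventory.csv` are hypothetical. It runs locally on each device and does not detect ESU enrollment.

```powershell
# Added example: one inventory row for the local device.
# Windows 11 still reports version 10.0.x, so the build number is the
# reliable discriminator: Windows 11 client builds start at 22000.
function Get-Win10EolStatus {
    [CmdletBinding()]
    param(
        # End-of-support date stated on this page
        [datetime]$EndOfSupport = '2025-10-14'
    )

    $os    = Get-CimInstance -ClassName Win32_OperatingSystem
    $cv    = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [int]$os.BuildNumber

    # ProductType 1 = workstation; 2 and 3 are server roles, which share
    # the 10.0 version number but follow a different lifecycle.
    $isWin10 = ($os.ProductType -eq 1) -and
               ($os.Version -like '10.0.*') -and
               ($build -lt 22000)

    # Most recent installed update, as a rough patch-currency signal.
    $lastFix = Get-HotFix |
        Where-Object InstalledOn |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        Caption        = $os.Caption
        # LTSC/IoT editions have their own support dates; review those rows by hand.
        Edition        = $cv.EditionID
        DisplayVersion = $cv.DisplayVersion          # e.g. 22H2
        Build          = "$build.$($cv.UBR)"
        IsWindows10    = $isWin10
        # Date check only: ESU enrollment is not evaluated here.
        PastCutoffDate = $isWin10 -and ((Get-Date) -ge $EndOfSupport)
        LastUpdateId   = $lastFix.HotFixID
        LastUpdateDate = $lastFix.InstalledOn
        # Interactive user, if any; helps record who uses the device.
        LoggedOnUser   = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName
    }
}

# Append this device's row to a shared inventory file (hypothetical path).
Get-Win10EolStatus | Export-Csv -Path .\win10-inventory.csv -NoTypeInformation -Append
```

Rows with `IsWindows10` set to `True` are the devices to carry into the triage decision (upgrade, ESU, or isolate).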

Identified risks

Vulnerability risk

  • After support ends, new security flaws won’t be fixed, which makes these devices easier to break into.
  • Some software and drivers may stop supporting Windows 10, which can make it harder to keep these devices monitored and other components updated.
  • ESU provides security fixes only (no feature updates or regular support), so it’s a short-term bridge, not a long-term solution.
  • Create an inventory of devices where Windows 10 is still in use (especially lab instruments and any device with admin [privileged] access).
  • Decide for each: (1) update to Windows 11, (2) use ESU for a limited time, or (3) limit/isolate its network access.
    • For (3), please consult with your local IT or Information Security on how to adequately isolate the unsupported system from the Internet and other network devices.

Intellectual property theft risk

  • Older, unsupported devices are easier starting points for attackers to gain access and move into other research systems, risking code, datasets and draft manuscripts.
  • The Government of Canada highlights the need to safeguard research from theft and interference; keeping outdated systems increases that exposure.
  • Find Windows 10 devices tied to high-value projects, shared storage or cloud admin roles.
  • For any device that must stay on Windows 10:
    • Securely transfer any confidential or sensitive data to a sufficiently secured device that is still receiving updates.
    • Require strong sign-in (e.g., single sign-on [SSO], multifactor authentication [MFA], passkeys) and limit access to the device, whether from users or other devices.

Compliance risk

  • Research agreements often require “reasonable” or “industry-standard” safeguards, responsible handling of non-public/confidential data, and regular/timely security updates (including flaw remediation).
  • Using an unsupported system may conflict with these requirements, may require notifying the sponsor or data provider, and in some cases could be a material breach.
Review your agreements.
  • Check active data sharing/transfer/use agreements and funding terms for any “supported software” or patching requirements. Flag affected projects that still rely on Windows 10.
Where such a requirement exists:
  • Upgrade project devices to Windows 11 where possible.
  • Move project data to a supported, secured device that is still receiving updates.
    • Confirm with your local IT or Information Security that the new device meets the agreement’s requirements.
  • If Windows 10 must remain temporarily, confirm with the sponsor/data provider whether temporary ESU plus other mitigations are acceptable.
    • Create and implement an upgrade/transition plan to supported devices.

Recap

  1. Identify

    • List any Windows 10 devices used in your project (including lab instruments and shared workstations).
    • Note who uses them and what project data/systems they access.
  2. Triage

    • Decide for each device: Upgrade to Windows 11, use ESU for a short time, or limit network use until retirement.
    • Prioritize systems that handle confidential/sensitive data or have strict sponsor terms.
  3. Confirm

    • Check your agreements for “supported systems,” “regular security updates,” or similar language.
    • If Windows 10 must remain temporarily, ask the sponsor/data provider if ESU plus extra mitigations (e.g., strong sign‑in, encryption, limited network access) are acceptable.
    • Confirm with local IT or Information Security that any replacement device or mitigation meets the agreement’s requirements.
  4. Implement

    • Upgrade to Windows 11 or move project data to a supported, secured device that still receives updates.
    • For any temporary Windows 10 devices: apply mitigations (e.g., strong sign‑in, least access, encryption, limited network connectivity) and set a retirement date.
    • Document your plan, timelines, and who’s responsible; inform your team/partners as needed.

Support

Local IT

Your local IT contact information can be found at services for faculty & divisions or on your departmental/divisional website.

Research Information Security Program

The Research Information Security Program is available for consultations and other support services.