
The Winpocalypse is just like Y2K — in the sense that probably nothing will happen. But that's about where the comparison ends.
Kids these days seem to believe that Y2K was a bunch of nothing, and we all panicked at the prospect of the calendar switching over from 19xx to 20xx, when in the end, little actually happened. I, being an old, was there — and the panic was real. Furthermore, the work to prevent a widespread Y2K disaster was also real, and immensely expensive. I and my then-fiancée were both working in IT, and Y2K mitigation was on our radar since at least 1997. It was our primary focus for the last six months of 1999. So, yes, Y2K didn't trash society in the way people worried, but only because we spent billions of dollars and thousands of person-years of effort to avert catastrophe. You're welcome.
Now, we're nervously staring down the barrel of a new disaster for a new era, the end-of-life of Windows 10. Win10 goes EOL (end of life) on October 14, 2025, which is uncoincidentally the next Microsoft Patch Tuesday. I spent some time discussing this in Undead by design, our new research report about EOL operating systems, and throw around terms like "Winpocalypse" and "Windogeddon" (I haven't decided which one is a better portmanteau) to describe life for IT administrators on October 15.
The thing, though, is that unlike Y2K, EOL doesn't mean instant crashes, breaches, or other big, obvious disasters. EOL creeps up on you. Unlike humans, computers don't just shuffle off this mortal coil when they go EOL; they persist, acting the same as they did before EOL day.
Problems start to crop up only when a security issue is revealed in the EOL OS and the vendor decides not to patch it. This might come as a research finding, or it might manifest as a zero-day attack. In the case of a zero-day on Win10, it might turn into a forever-day, if Microsoft decides, continuously, to withhold a fix for general deployment.
But the fact is, this worst-case scenario is unlikely to happen. Microsoft lives in the same world as us, and if something truly horrific pops off, I'm confident that a fix will be distributed. We saw this most dramatically with WannaCry, the weaponization of EternalBlue, which attacked SMBv1 the world over. While SMBv1 was an optional component of the then-newish Windows 10 OS, and the stable Windows 7, Microsoft also delivered a fix to the very-EOL Windows XP. Microsoft can act after the deadline passes, and it definitely has.
Win10 on life support?
On top of this, there's reporting from Risky Business that Microsoft is offering Extended Security Updates (ESUs) for all European Windows 10 customers for free, personal and enterprise alike. While this offer still seems unofficial, it's likely true. This tells me it's possible for Microsoft to offer similar coverage for everyone if things go south.
Unfortunately, Windows 10 will still certainly go EOL on October 14. Right now, US customers are still on the hook for a $61 license for ESUs, and many are unlikely to bother until the disaster is already upon them.
I wouldn't be surprised if Microsoft backtracked even on this paid US offering at the last minute. It's hard to get people to pay for security software even in the best of times, because it's always a grudge buy, like car insurance or disaster recovery. Nobody actually wants insurance products or burglar alarms or backup tapes, but they buy these products because they feel they have no other choice. If Microsoft figures that the reputational cost of seeming to extort customers outweighs the cost of just extending support for everyone, they’ll back off. So, unlike with Y2K, we couldn’t negotiate with Father Time, but we can with Uncle Nadella.
It's important to note that being EOL, even with an ESU guarantee of critical security fixes, isn't a great place to be in. Microsoft very much wants to focus effort on Windows 11 and beyond, so it's likely that support for Windows 10 is already degraded; nobody in Redmond wants to spend time on merely mid-level security issues (either discovering them or fixing them) for a nearly-dead OS. This leads to a level of complacency that increases the day-to-day risk of running these barely-hanging-on OSes.
How to find Windows 10 OSes with runZero
Hopefully, this blog post isn't news for you. If it is, you really need to act now. If you're a runZero customer, you can run a quick Asset check for Windows 10 with the straightforward query:
os:="Microsoft Windows 10%"
That'll give you a sense of how much of your infrastructure is about to hit Windows 10’s EOL deadline. Ideally, you've already started the process of upgrading, making sure your critical applications are compatible with Windows 11, or finding out if there are alternatives in case they’re not. The best time to act on all this was a year ago. The second best time is right now.
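The same prefix match can be applied to any asset export you already have. This is an added example, not runZero's code; the CSV columns (`hostname`, `os`, `build`) and the sample rows are constructed, and the build-number fallback assumes the fingerprint sometimes stops at the family name "Microsoft Windows".

```python
import csv
import io
from datetime import date

WIN10_EOL = date(2025, 10, 14)   # EOL date given in the post
WIN10_MIN_BUILD = 10240          # first Windows 10 release build
WIN11_MIN_BUILD = 22000          # Windows 11 still reports NT 10.0; its builds start here

# Constructed sample export; column names are assumptions for this example.
SAMPLE_EXPORT = """hostname,os,build
hr-laptop-01,Microsoft Windows 10 Pro,19045
kiosk-07,Microsoft Windows 10 Enterprise,17763
dev-ws-12,Microsoft Windows 11 Pro,22631
lab-pc-03,Microsoft Windows,19044
lab-pc-04,Microsoft Windows,26100
build-srv-02,Microsoft Windows Server 2019,17763
nas-01,Linux,
"""

def classify(os_name, build):
    """Return 'win10', 'probable-win10', or None for one asset row."""
    name = os_name.strip().lower()
    # Case-insensitive version of the prefix match os:="Microsoft Windows 10%"
    if name.startswith("microsoft windows 10"):
        return "win10"
    # Family-only fingerprint: the build number is a hint, not proof, because
    # server releases share build numbers with Windows 10 (17763 is both
    # Windows 10 1809 and Server 2019). Flag these for manual verification.
    if name == "microsoft windows" and build.strip().isdigit():
        if WIN10_MIN_BUILD <= int(build) < WIN11_MIN_BUILD:
            return "probable-win10"
    return None

def win10_report(export_text, today):
    """Return ([(hostname, verdict), ...], days until EOL; negative once past)."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        verdict = classify(row["os"], row["build"] or "")
        if verdict:
            findings.append((row["hostname"], verdict))
    return findings, (WIN10_EOL - today).days

if __name__ == "__main__":
    hosts, days_left = win10_report(SAMPLE_EXPORT, date.today())
    print(f"{len(hosts)} Windows 10 candidates, {days_left} days to EOL")
    for hostname, verdict in hosts:
        print(f"  {hostname}: {verdict}")
```

Rows marked `probable-win10` need a second data source before they go on an upgrade list, since the build number alone cannot separate client from server releases.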
Not a runZero user? Fret not, the runZero Community edition is entirely free, ideal for home use and environments that have fewer than 100 assets. If you need more than that, you can upgrade your account.
So, while a dramatic end of the world scene is unlikely to play out at the stroke of midnight, just like what didn’t happen with Y2K, the challenge of working around Win10’s EOL will take some time and heroic effort on all our parts. Just like Y2K.
Ninja edit: By the way, the year 2038 is closer than you think! Just planting that there for now.
Hungry for more brains?
We get it — once you’ve had a taste of insight, you’re starving for more. Feed that curiosity with a research report and live webcast, all about EOL!
Ungated EOL research report

Check out "Undead by design" where the runZero research team benchmarks the prevalence of EOL assets across U.S. enterprises and uncovers the industries carrying the heaviest burden. Learn how unsupported systems quietly expand organizational risk and why defenders need visibility now more than ever.
Live webcast on October 15
Join us for a scary episode of runZero Hour with Rob King, Tod Beardsley, and EOL expert and technology necromancer, captn3m0 (pronounced “nemo”).
This episode will exhume:
runZero's new research report
The "Winpocalypse"
Why EOL OSes persist well beyond their best-by dates
And what IT teams can do to identify and protect decaying assets...before they rise with a taste for corruption
See you there!