Aktuelles
Windows 10 EOL: A danger for enterprises, the golden ticket for infostealers
April 2025 by Vakaris Noreika, a cybersecurity expert at NordStellar
Windows 10 will reach end of life on October 14, 2025, creating a critical security inflection point for businesses delaying migration to Windows 11. Findings from NordStellar, a threat exposure management platform, reveal that 59% of systems affected by infostealers in December 2024 still run Windows 10 — putting a large pool of machines at greater risk of effective attacks as the operating system eventually ceases to receive technical support.
Percentage of operational systems compromised by infostealers.
"The number of systems affected by infostealers closely mirror the overall operational system market share — Windows 10 has been heavily targeted for years due to its popularity. However, it will have an even bigger target on its back in the wake of its end of life, which will eventually create new vulnerabilities," says Vakaris Noreika, a cybersecurity expert at NordStellar. "Once an operational system reaches this deadline, it no longer receives any security updates, vulnerability patches, or support from the software creator. These vulnerabilities are widely known and often exploited — infostealers can be coded to target these weaknesses more efficiently, resulting in more effective attacks against outdated systems."
Businesses aren’t migrating fast enough
Market share data and NordStellar findings on systems affected by infostealers reveal that the Windows 11 adoption rate has been increasing since November 2024. Noreika points out that despite the growing numbers, the adoption rate is still too low at this point, meaning many enterprises are still at risk.
"Migrating to a new operational system takes time — based on the current adoption rate, we estimate that approximately 30-40% of systems may still be running Windows 10 when it reaches end of life in October, creating a substantial attack surface for cybercriminals," says Noreika. "We saw a similar pattern of delayed migration with Windows 7. Six months until the operational system’s end of life, it held a 23% market share. When the deadline finally arrived in July 2020, its market share dropped by just 3%, lowering its dominance to 20%."
Noreika says that almost five years later, Windows 7 holds a 2% market share and is still being targeted by infostealers, which successfully exploit the operational system’s vulnerabilities to compromise user devices and steal data.
The hefty hidden price of delayed migration
According to Noreika, infostealers are just the tip of the iceberg regarding threats emerging from outdated operational systems vulnerabilities. Malware and new data exfiltration and exploitation techniques are some of the concerns enterprises should bear in mind if they’re still dragging their feet to migrate to Windows 11.
"Considering just how many enterprises might still be running Windows 10 after its end of life, there’s a high possibility that we’ll see a growth in various cybersecurity incidents if businesses continue to delay migration. Outdated operational system vulnerabilities will act as a helping hand in increasing the effectiveness of cyberattacks that can result in data leaks. Taking into account the financial and reputational losses that come with a data breach, delaying migration can be a decision that eventually costs the company millions of dollars and their client’s trust, which will take years to regain," Noreika says.
Aside from accelerating migration efforts, Noreika highlights investing into cybersecurity awareness training for employees, building a comprehensive cybersecurity strategy, and keeping a close eye on the company’s attack surface and the dark web for potential data leaks as the key components in safeguarding the enterprise from cyberattacks.
