The Security Compromise that Comes with Windows 10 End of Support

On April 27, 2023, Microsoft announced the end of support for Windows 10, making 1022H2 the final version of the operating system. In the announcement, Microsoft outlined that Windows 10 will continue to have monthly security updates until October 14, 2025. In preparation for terminating support, Microsoft wrote: “We highly encourage you to transition to Windows 11 now as there won’t be any additional Windows 10 feature updates.”

This announcement presents customers with two choices: Stay on Windows 10 for the time being, or begin planning for an enterprise-wide upgrade to Windows 11. For customers that rely on Microsoft to protect their attack surfaces, migrating operating systems isn’t only an IT decision — it’s also a security decision. 

Microsoft security features, including Microsoft Defender, are delivered as built-in components of Microsoft operating systems. These features vary across versions and editions. Microsoft’s security model remains heavily reliant on signature-based detections, leaving customers with limited protection against zero-days, unknown malware, malware-free attacks (now 71% of all attacks) and identity-based attacks (now 80% of attacks). 

Binding customers to operating system releases for security features and an overreliance on legacy models of threat detection can force Microsoft’s customers to compromise in three critical ways: weaker security coverage across attack surfaces, increased complexity in managing and operating security products, and ultimately, the potential catastrophe of a security breach.

Compromises on Security Coverage 

With Microsoft, customers face the risk of inconsistent security coverage across critical attack surfaces wherever endpoints in their environments are running different operating systems (or varying editions of the same OS). According to industry statistics, enterprises are increasingly using endpoints with operating systems beyond Microsoft, as macOS, Chrome and others continue to gain market share.1 Protecting all of these potential attack surfaces is critical to staying ahead of the adversary and stopping breaches. 

Microsoft remains limited in operating system coverage, securing the latest Microsoft operating systems but offering limited coverage across legacy Microsoft operating systems, and operating systems like Mac and Chrome and Linux distributions.

Furthermore, Microsoft’s extensive use of signature-based antivirus technology risks leaving customers vulnerable to advanced attacks that don’t have existing signatures or avoid code execution altogether. In choosing a security vendor, it is essential for customers to take into account the potential cost of breach and the resulting impact to their organization’s reputation from outdated security coverage. 

Increased Operational Complexity and Costs

Migrating operating systems can generate major operational costs for organizations, from the need to divert IT staff to planning migrations, to the additional costs of acquiring new hardware that meets the requirements of the new OS (such as the requirement that PCs offer Trusted Platform Module [TPM] 2.0 support to run Windows 11).

There’s also the issue of downtime due to the need to reboot devices across the enterprise to fully activate new features. Security teams often need to activate dozens of security policies across multiple consoles to ensure comprehensive feature activation. This can be a massive disruption to workflow and productivity. In combination, ongoing interruptions and recurring updates can result in significant downtime for organizations and extended timelines for rolling out new security updates, both of which are aggravated when scaling operations to enterprise fleets of hundreds of thousands or even millions of endpoints. 

Inherent to Microsoft’s OS-bound security model is a resulting operational dependency on additional IT resources that security teams need for onboarding endpoints and managing security updates. Customers that leverage Microsoft security tools may encounter this when deploying Microsoft’s annual, monthly and even daily updates (in the case of signature updates). 

For smaller organizations that leverage Microsoft security services, the burden of managing these updates may fall on security teams that often lack the specialized knowledge and experience to execute OS updates efficiently, and, above all, whose attention is then diverted from managing other security initiatives. All of these factors have likely contributed to the limited adoption of Windows 11 among the Windows install base since its launch just over a year and a half ago. It’s estimated that less than 1 in 6 (15.44%) of the Windows install base is running Windows 11, with nearly three quarters (71%) of the market still running Windows 10.2 

Security Coverage Gaps Can Lead to Catastrophic Breaches 

Customers facing security coverage gaps across their attack surface combined with increased operational complexity can be at greater risk of suffering a catastrophic security breach. In an evolving threat landscape where adversaries are constantly looking for new vulnerabilities to exploit and new ways of evading detection, having a trusted security partner is essential. Security vendor selection is critical in mitigating and reducing the cyber risk introduced into an environment by technology vulnerabilities and sophisticated attacks from adversaries. 

When CrowdStrike’s IR team investigates a Microsoft customer that has been breached, 75% of the time Microsoft Defender has been bypassed. Compounding this is the ever-growing number of patches issued by Microsoft to address vulnerabilities in its own products — including over 900 patches and 30 zero-days in 2022 alone.3 A recent report by the Cybersecurity and Infrastructure Security Agency (CISA) tied 9 of the 15 most exploited vulnerabilities to the Microsoft portfolio. 

This raises the question: Are you willing to accept the risk and cost of a breach by trusting a company to protect against exploitation of a vulnerability when it created the same vulnerability in the first place?

The CrowdStrike Approach 

At CrowdStrike, we’re on a mission to stop breaches and protect our customers against increasing adversary sophistication. As the attack landscape evolves, CrowdStrike is committed to delivering the innovation needed to keep organizations secure. With CrowdStrike, customers can increase cyber resilience by getting industry-leading efficacy and protection across the entire enterprise, while increasing their security team productivity by consolidating multiple products into a single, powerful platform. The CrowdStrike difference includes: 

  • Full OS Coverage with Extended Support: The CrowdStrike Falcon® platform delivers consistent coverage across customer endpoints, regardless of OS edition or version, with support for Windows, Linux and macOS systems, and extending with native XDR support for ChromeOS. CrowdStrike doesn’t limit support for technology based on OS release, offering extended life cycle support for discontinued Windows versions to ensure customers receive the latest protection coverage and minimize disruptions as they transition to new versions on a timeline that suits their needs for no additional cost.
  • Rapid Deployment at Enterprise Scale: CrowdStrike’s cloud-native architecture enables customers to onboard with speed and scale, with many customers deploying our Falcon agent to thousands of endpoints in a matter of minutes, without needing to purchase hardware or standardize their environment operating systems. Upon deployment, every agent is automatically provisioned with recommended security settings that customers can centrally manage in the Falcon console. 
  • AI-Powered Protection against Advanced Threats: CrowdStrike leverages world-class AI, advanced behavioral analysis and our industry-leading threat intelligence to deliver proactive and adaptive threat detection against modern attacks, including unknown threats, identity-based attacks and malware-free attacks. 
  • Frictionless Updates that Fuel Operational Agility: CrowdStrike delivers automatic updates to the single, lightweight Falcon agent to globally enforce the latest protections across customer fleets, without requiring teams to reboot endpoints or manage updates.   

Additional Resources 

Related Content