Surprise new offer from Microsoft
Update: Republished on May 13 with reaction to Microsoft’s u-turn and a Patch Tuesday full of active exploits — a timely warning not to lose security support.
No one saw this coming. Microsoft’s campaign to push Windows 10 users to upgrade to Windows 11 had been heading in just one direction. Until now. The Windows-maker has suddenly and quietly changed a critical deadline, which will surprise the 700 million PC owners yet to move to Windows 11.
In January, I reported on yet another Microsoft deadline to push Windows 10 users to take the free Windows 11 upgrade. While some 240 million users don’t have a new enough PC to run the latest OS, hundreds of millions can upgrade but are currently choosing not to — albeit that number is reducing month-by-month.
This deadline hit apps rather than the OS itself. “Microsoft 365 Apps will no longer be supported after October 14, 2025, on Windows 10 devices,” the company said. “To use Microsoft 365 Applications on your device, you will need to upgrade to Windows 11.”
In a support document, the company confirmed “Microsoft 365 apps will no longer be supported on Windows 10 after it reaches end of support,” just as “Microsoft 365 apps are no longer supported on Windows 7, Windows 8 or Windows 8.1 now that these operating systems have reached their end of support dates.”
That particular support document had not been changed at the time of writing. But as spotted by Neowin, “it looks like Microsoft has had a big change of heart. On a Tech Community blog post about Windows 10 extended security updates (ESU) it recently updated, the company has confirmed that Microsoft 365 apps will be supported for another three years till 2028. Neowin noticed this new addition while browsing.”
That browsing hit on a different, newly updated support document, in which Microsoft says “to help maintain security while you transition to Windows 11, Microsoft will continue providing security updates for Microsoft 365 Apps on Windows 10 for three years after Windows 10 reaches end of support. These updates will be delivered through the standard update channels, ending on October 10, 2028.”
Microsoft warns that “using an unsupported OS can cause performance and reliability issues when running Microsoft 365 Apps. More interestingly, although “if the issue occurs only with Microsoft 365 Apps on Windows 10, with or without Windows 10 Extended Security Updates, and doesn’t occur on Windows 11, support will ask the customer to move to Windows 11,” Microsoft also says “if the customer is unable to move to Windows 11, support will provide troubleshooting assistance only; technical workarounds might be limited or unavailable.”
That comers across as a direct shout-out to the 240 million Windows 10 users who don’t have a TPM 2.0 PC and so can’t accept the free Windows 11 upgrade today. The primary issue for those users is security, and this has now been resolved for Microsoft 365 apps. Unlike the current plan for a Windows 10 ESU, this update extension offer is free.
“To help maintain security while you transition to Windows 11,” Microsoft now says it “will continue providing security updates for Microsoft 365 Apps on Windows 10 for three years after Windows 10 reaches end of support. These updates will be delivered through the standard update channels, ending on October 10, 2028.”
This will come across as a soft three-year extension for those users to extend a move and to hold off buying a new PC. More critically, it also signals that Microsoft is bedding down for a prolonged period of Windows 10 users running PCs with no support.
It will now be less of a surprise to see other concessions as October 14 approaches. Is there to be a critical security update reprieve for all those users without the need to pay $30? A change of direction to avoid the impending cyber nightmare?
“Earlier this year,” PC Mag points out, “Microsoft said it would end support for 365 Office apps within Windows 10 on Oct. 14, 2025 alongside formal support for the aging OS itself. The company has now reversed that decision and will give Microsoft 365 apps on the platform three more years of support. The company quietly announced the change for Office on Windows 10, which impacts apps like Excel, Outlook, Teams, Word, and more. The new deadline is set for Oct. 14, 2028.”
The fact this may signal a softening of Microsoft’s hardened stance on Windows 10 has been welcomed. “Microsoft loosens the noose on Windows 10 users with new end-of-support timeline,” says Laptop Mag. “Windows 10 users have a little more room to breathe, following a rare end-of-support U-turn by Microsoft.” The downside, of course, is that this is “just not the one they’ve been hoping for.”
Meanwhile, XDA Developers suggests “Microsoft 365 might’ve just given you another excuse to stay on Windows 10 for three more years,” adding that “in a turn of events, it looks like the company ended up changing course, and might end up letting you stick with Windows 10 after all.” Not Microsoft’s intention, but it could be the result.
“The policy is a change from a few months ago,” Ars Technica agrees, “when Microsoft insisted that Office apps running on Windows 10 would become officially unsupported on October 14.” In addition to the 365 apps, “perpetually licensed versions of Office will be supported in accordance with Microsoft’s ‘Fixed Lifecycle Policy, which guarantees support and security updates for a fixed number of years after a software product’s initial release. For Office 2021, this means Windows 10 users will get support through October of 2026; for Office 2024, this should extend to October of 2029.”
However, as XDA Developers points out, “Microsoft quietly extending when 365 apps lose support doesn’t mean the company will get off users’ backs about updating to Windows 11. The tech giant still says that though 365 apps like Word will continue to function even after Windows 10 loses support, an ‘unsupported’ operating system can cause performance and reliability issues when running Microsoft 365 Apps.So, the only difference here really is that you’ll keep getting security updates for Microsoft 365 apps if you choose not to make the jump, but Microsoft still wants that jump to happen sooner rather than later.”
All of which means this alone is not enough, and so the advice on what do to in October includes ditching Windows for Linux. That’s the goal of End Of 10. “If you bought your computer after 2010,” the campaign’s website says, “there’s most likely no reason to throw it out. By just installing an up-to-date Linux operating system you can keep using it for years to come. Installing an operating system may sound difficult, but you don’t have to do it alone. With any luck, there are people in your area ready to help!”
“End of 10 isn’t just a haphazard collection of rah-rah for Linux,” ZDNet says, “but rather a well-thought-out resource to help users find a way to keep their computers running without having to pay Microsoft or worry their operating system is going to fall out of support, leaving them unprotected… It’s a movement that hopes to help users avoid the added burden of purchasing a new computer, bring them together with a sense of community, and avoid another onslaught of PC waste from piling up.”
Expect much more of the same over the next 5 months, as we watch to see if Microsoft makes any other u-turns for the 700 million Windows 10 users now clock watching. And with perfect timing, hot on the heels of the office apps support extension comes a reminder as to why no user should let a PC fall off security support.
This month’s Patch Tuesday “includes security updates for 72 flaws,” reports Bleeping Computer, “including five actively exploited and two publicly disclosed zero-day vulnerabilities. This Patch Tuesday also fixes six ‘Critical’ vulnerabilities, five being remote code execution vulnerabilities and another an information disclosure bug.”
Cyber Security News warns “the updates cover a wide range of software, including Windows, Microsoft Office, Azure, Visual Studio, and more, urging users and administrators to apply patches immediately to mitigate potential risks. Out of 72 vulnerabilities, Microsoft fixes 29 Remote Code Execution, 18 Elevation of Privilege, 14 Information Disclosure, 7 Denial of Service, 2 Spoofing, and 2 Security Feature Bypass.”
Per Fortra’s Tripwire, the actively exploited and already disclosed CVEs are as follows:
“CVE-2025-32706
A vulnerability in the Windows Common Log File System (CLFS) Driver could allow a malicious actor to elevate their privileges to SYSTEM. Microsoft has reported this vulnerability as Exploitation Detected.
CVE-2025-32701
A vulnerability in the Windows Common Log File System (CLFS) Driver could allow a malicious actor to elevate their privileges to SYSTEM. Microsoft has reported this vulnerability as Exploitation Detected.
CVE-2025-30400
A vulnerability in the Microsoft DWM Core Library could allow a malicious actor to elevate their privileges to SYSTEM. Microsoft has reported this vulnerability as Exploitation Detected.
CVE-2025-32709
A vulnerability in the Windows Ancillary Function Driver (AFD) for WinSock could allow a malicious actor to elevate their privileges to Administrator. Microsoft has reported this vulnerability as Exploitation Detected.
CVE-2025-30397
A vulnerability in the Scripting Engine could allow a malicious actor to trick a user running Edge in Internet Explorer mode into clicking a malicious link that would execute code. Microsoft has reported this vulnerability as Exploitation Detected.
CVE-2025-32702
A vulnerability in Visual Studio could allow a malicious actor to convince a user to download a malicious file, which will cause code execution on the local system due to command injection. Microsoft has reported this vulnerability as Exploitation Less Likely.
CVE-2025-26685
A vulnerability in Microsoft Defender for Identity Spoofing could be exploited by an attacker with access to the local network. Microsoft has stated that no action is required to remediate this vulnerability but suggests if you have disabled NTLM completely in your environment and would like to keep using this feature, you should open a support case. Microsoft has reported this vulnerability as Exploitation Unlikely.”
