Technology
Windows 10 security flaws leave millions vulnerable
Windows 11 is the latest and greatest operating system from Microsoft, but it has its flaws, so much so that even four years after its release, some people are sticking with older versions. Windows 10 remains the operating system of choice for many, even though Microsoft has shifted its focus entirely to Windows 11. In fact, the Redmond-based company will end security updates for Windows 10 this October.
If that’s not enough to push you toward upgrading, the latest news might be. The 240 million Windows 10 users are vulnerable to dozens of security vulnerabilities, six of which are reportedly already being exploited by bad actors.
STAY PROTECTED & INFORMED! GET SECURITY ALERTS & EXPERT TECH TIPS – SIGN UP FOR KURT’S ‘THE CYBERGUY REPORT’ NOW
A person typing on a Windows laptop (Kurt “CyberGuy” Knutsson)
Critical Windows 10 security flaws exploited
The vulnerabilities in question were part of a recent Microsoft Patch Tuesday update, a monthly release where the company addresses security flaws. In this case, six specific exploits were identified as being actively used by hackers to target Windows 10 systems. These exploits are particularly alarming because they are already in the wild, meaning attackers are leveraging them to compromise systems before all users have had a chance to update their devices.
The affected population, estimated at 240 million, refers to users whose PCs cannot upgrade to Windows 11 due to hardware limitations, such as lacking TPM 2.0 (Trusted Platform Module) or other system requirements.
The six exploits include a mix of flaws that allow hackers to achieve various malicious outcomes, such as executing arbitrary code, escalating privileges to take full control of a system or bypassing security features.
For example, one exploit might overload system memory to overwrite critical data (a buffer overflow), while another could allow attackers to access sensitive information by exploiting a flaw in the Windows Kernel. These vulnerabilities are especially dangerous because they can be triggered remotely or through seemingly innocuous actions, like opening a malicious file or mounting a compromised virtual hard disk.
Windows laptop (Kurt “CyberGuy” Knutsson)
CLICKFIX MALWARE TRICKS YOU INTO INFECTING YOUR OWN WINDOWS PC
A fix is there (for now)
Microsoft has released patches to address these issues, and America’s Cyber Defense Agency has urged users to update their systems immediately, ideally by this month, or risk severe consequences. The agency even suggested turning off unpatched computers as a precaution. Updating to the latest Windows 10 patch is the simplest and most effective way to protect against these exploits right now.
However, a bigger problem looms later this year. Microsoft will officially end free security updates for Windows 10 on October 14, 2025. After that, systems running Windows 10 will no longer receive critical security patches, unless users enroll in Microsoft’s Extended Security Updates (ESU) program.
This ESU program will be available to individual users for the first time and will cost $30 per device for one additional year of updates. It’s designed to give users more time to transition, especially those who can’t upgrade to Windows 11 due to hardware limitations. While this offers a temporary reprieve, it’s not a long-term solution; the ESU program will only extend support for a limited time (typically three years in enterprise settings) and prices may increase annually.
The scale of the problem remains significant. Millions of devices lack the hardware requirements for Windows 11, such as TPM 2.0 and newer CPUs, making the shift costly or impractical for some. Analysts warn this could contribute to a surge in electronic waste, unless recycling and repurposing efforts improve dramatically.
RELENTLESS HACKERS ABANDON WINDOWS TO TARGET YOUR APPLE ID
How to keep your Windows devices up to date
If you’re a Windows 10 user, the immediate step is to ensure your system is updated with the latest patches. Follow the steps below to do that:
- Select Start
- Click Settings
- Click Windows Update
- Click Check For Updates
- If a feature update is available for your device, it will appear separately on the Windows update page
- To install it, click Download and Install now
Windows update (Kurt “CyberGuy” Knutsson)
MICROSOFT SETS MAY END DATE FOR SKYPE AFTER 14-YEAR RUN
3 additional ways to stay safe from Windows vulnerabilities
1) Use strong antivirus software: Even with the latest patches, no system is entirely immune to threats. Strong antivirus software can act as a second line of defense, detecting and neutralizing malware that exploits vulnerabilities before they cause harm. Look for solutions with real-time protection and frequent updates to tackle emerging threats. While this won’t fix unpatched system flaws after October 2025, it can reduce risks from common attack vectors like phishing or malicious downloads. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
2) Limit exposure: Many exploits rely on user interaction, such as clicking a shady link, downloading a compromised file or mounting an untrusted virtual disk. Stick to reputable websites, avoid opening unsolicited email attachments and use a browser with built-in security features (like Microsoft Edge or Chrome with Safe Browsing enabled).
3) Plan for the future: The clock is ticking on Windows 10’s security updates. If your hardware can’t handle Windows 11, weigh your long-term options. Buying a new PC might be inevitable, but you could also explore alternatives like Linux, which offers free, secure operating systems (e.g., Ubuntu or Linux Mint) that run well on older hardware.
Kurt’s key takeaway
The road ahead for Windows 10 users is anything but smooth. With critical vulnerabilities emerging and official support coming to an end, millions are being pushed into a difficult decision. They can upgrade their hardware, pay for temporary patches or continue using increasingly vulnerable systems. As October draws closer, the risks will only increase. Updating your system is essential, but it’s just a short-term measure. Now is the time to start preparing for what comes after, before the window of protection closes for good.
Do you think tech companies are doing enough to prevent hackers from obtaining your data? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels:
Answers to the most-asked CyberGuy questions:
New from Kurt:
Copyright 2025 CyberGuy.com. All rights reserved.
After briefly going dark in the US to comply with the divest-or-ban law targeting ByteDance that went into effect on January 19th, TikTok quickly came back online. It eventually reappeared in the App Store and Google Play as negotiations between the US and China continued, and Donald Trump continued to sign extensions directing officials not to apply the law’s penalties.
Finally, in mid-December, TikTok CEO Shou Zi Chew told employees that the agreements to create TikTok USDS Joint Venture LLC, which includes Oracle, Silver Lake, and MGX as part owners, have been signed, and the deal is expected to close on January 22nd, 2026. His letter said that for users in the US, the new joint venture will oversee data protection, the security of a newly-retrained algorithm, content moderation, and the deployment of the US app and platform.
Read on for all the latest news on the TikTok ban law in the US.
NEWYou can now listen to Fox News articles!
You’re gonna love me for this.
Say you’re calling customer service because you need help. Maybe your bill is wrong, your service is down or you want a refund. Instead of a person, a cheerful AI voice answers and drops you into an endless loop of menus and misunderstood prompts. Now what?
That’s not an accident. Many companies use what insiders call “frustration AI.” The system is specifically designed to exhaust you until you hang up and walk away.
Not today. (Get more tips like this at GetKim.com)
FOX NEWS POLL: VOTERS SAY GO SLOW ON AI DEVELOPMENT — BUT DON’T KNOW WHO SHOULD STEER
Here are a few ways to bypass “frustration” AI bots. (Sebastian Kahnert/picture alliance via Getty Images)
Use the magic words
You want a human. For starters, don’t explain your issue. That’s the trap. You need words the AI has been programmed to treat differently.
Nuclear phrases: When the AI bot asks why you’re calling, say, “I need to cancel my service” or “I am returning a call.” The word cancel sets off alarms and often sends you straight to the customer retention team. Saying you’re returning a call signals an existing issue the bot cannot track. I used that last weekend when my internet went down, and, bam, I had a human.
Power words: When the system starts listing options, clearly say one word: “Supervisor.” If that doesn’t work, say, “I need to file a formal complaint.” Most systems are not programmed to deal with complaints or supervisors. They escalate fast.
Technical bypass: Asked to enter your account number? Press the pound key (#) instead of numbers. Many older systems treat unexpected input as an error and default to a human.
OPENAI ANNOUNCES UPGRADES FOR CHATGPT IMAGES WITH ‘4X FASTER GENERATION SPEED’
“Supervisor” is one magic word that can get you a human on the other end of the line. (Neil Godwin/Future via Getty Images)
Go above the bots
If direct commands fail with AI, be a confused human.
The Frustration Act: When the AI bot asks a question, pause. Wait 10 seconds before answering. These systems are built for fast, clean responses. Long pauses often break the flow and send your call to a human.
The Unintelligible Bypass: Stuck in a loop? Act like your phone connection is terrible. Say garbled words or nonsense. After the system says, “I’m having trouble understanding you” three times, many bots automatically transfer you to a live agent.
The Language Barrier Trick: If the company offers multiple languages, choose one that’s not your primary language or does not match your accent. The AI often gives up quickly and routes you to a human trained to handle language issues.
Use these tricks when you need help. You are calling for service, not an AI bot.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Long pauses and garbled language can also get you referred to a human. (iStock)
Get tech-smarter on your schedule
- National radio: Airing on 500-plus stations across the U.S. Find yours or get the free podcast.
- Daily newsletter: Join 650,000 people who read the Current (free!)
- Watch: On Kim’s YouTube channel
Award-winning host Kim Komando is your secret weapon for navigating tech.
Copyright 2026, WestStar Multimedia Entertainment. All rights reserved.
If you have $400 and want an iPad, your options are usually kind of limited to either just the base iPad, or better yet, the latest iPad Mini — if it happens to be on sale when you’re shopping (it is now, but that’s not always the case). But right now, you should consider getting the 128GB version of Apple’s 11-inch iPad Air with the capable M3 processor. At Target, multiple colors of this model are $399.99, beating the previous low of $449.99 we’ve seen during large-scale deal events. Currently, no other retailer is matching this price. This sale ends Saturday night.
$400 is a sweet price for this model, as it debuted in early 2025 for $600. In terms of how it stacks up to other iPad models, Verge editor-at-large David Pierce said in his impressions that the M3 Air is “exactly what you think it is. Which is fine.” I know, that sounds like a back-handed compliment, but it’s been a while since iPads peaked in terms of utility, design, and fast performance. This one carries the torch in Apple’s tablet dominance, and its M3 processor means it’ll be a fantastic tablet for longer than any other iPad at the $400 price point. Read our in-depth impressions.
Other Verge-approved deals
Port of South Louisiana welcomes new leadership
3 ways to enjoy the winter solstice in Maine
Maryland Lottery Pick 3, Pick 4 results for Dec. 18, 2025
Kenny Dillingham’s Michigan situation puts Arizona State back in familiar place
Deadline nears for Massachusetts Health Connector enrollment
Florida High School Football Rankings: Top 25 teams – Oct. 21
Cleary's 21 help Le Moyne down Central Connecticut State 69-64 in OT
How old is Bo Nix? What to know about Oregon quarterback ahead of 2024 NFL Draft
99th annual Pony Swim held in Virginia
Video: ‘It Didn’t Have to Happen This Way:’ U.Va. Faculty Call for Review of Police Response to Protests
Video: Trump Mocks Obama, Biden in His Presidential ‘Walk of Fame’
Trump quietly signs sweeping $901B defense bill after bipartisan Senate passage
Mercosur signature delayed to January after Meloni asks for more time
Is ISIS making a comeback? : Sources & Methods
Texas Republicans launch ‘Sharia Free America Caucus’ aimed at defending ‘Western civilization’
-
Iowa4 days agoAddy Brown motivated to step up in Audi Crooks’ absence vs. UNI
-
Washington1 week agoLIVE UPDATES: Mudslide, road closures across Western Washington
-
Iowa6 days agoHow much snow did Iowa get? See Iowa’s latest snowfall totals
-
Maine3 days agoElementary-aged student killed in school bus crash in southern Maine
-
Maryland4 days agoFrigid temperatures to start the week in Maryland
-
Technology1 week agoThe Game Awards are losing their luster
-
South Dakota5 days agoNature: Snow in South Dakota
-
Nebraska1 week agoNebraska lands commitment from DL Jayden Travers adding to early Top 5 recruiting class