The UK’s National Cyber Security Centre (NCSC) has issued a strong recommendation for organizations still using Windows 10: upgrade to Windows 11 within the next three months or risk significant cybersecurity vulnerabilities.
The warning comes as Windows 10 approaches its end-of-support date on October 14, 2025, after which Microsoft will no longer release security updates or patches. This means that systems still running Windows 10 beyond that date will be left exposed to known and emerging threats.
“The security implications of not upgrading are clear and severe,” the NCSC said in a blog post. “Unsupported systems become low-hanging fruit for cybercriminals.”
Lessons from the Past: The Risk of Outdated Systems
The NCSC pointed to past incidents—such as the WannaCry ransomware outbreak in 2017—as clear evidence of how cyber attackers exploit outdated systems. That attack, which heavily impacted the UK’s National Health Service (NHS), targeted unpatched Windows XP machines.
Despite these well-known risks, many organizations continue to rely on Windows 10, either due to operational complexity or concerns about compatibility.
Ollie Whitehouse, NCSC’s Chief Technical Officer, compared the situation to “accumulating technical debt” with potentially costly consequences. He urged businesses to treat this migration as a cyber resilience priority, emphasizing the need for supported, secure software as required by best practices like Cyber Essentials.
What Windows 11 Brings to the Table
Upgrading to Windows 11 is not just about staying supported—it’s also about unlocking stronger, built-in security features:
- BitLocker and Virtualization-Based Security (VBS) are now easier to activate.
- Secure Launch and Credential Guard are more tightly integrated by default.
- New functionalities like native passkey management and enhanced Windows Hello offer a more secure authentication experience.
These features help organizations strengthen their overall security posture with minimal manual configuration.
Hardware Requirements and Justification for Upgrades
The NCSC also reminded users that not all existing hardware will be compatible with Windows 11. Devices must support:
- Trusted Platform Module (TPM) 2.0
- Unified Extensible Firmware Interface (UEFI)
- Secure Boot
If even one of these components is missing, the upgrade may not be feasible. In such cases, the NCSC considers the purchase of new, compliant hardware a justified investment in long-term cybersecurity.
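A readiness check for the three requirements listed above, given here as an added example that is not from the NCSC or the original article. It assumes an elevated Windows PowerShell 5.1 or later session; the function name `Test-Win11HardwareBaseline` is hypothetical, and it covers only the three items named here, not every Windows 11 requirement.

```powershell
# Added example: checks TPM 2.0, UEFI firmware and Secure Boot on the local machine.
# Run elevated: the Win32_Tpm class and Confirm-SecureBootUEFI both need admin rights.
function Test-Win11HardwareBaseline {   # hypothetical name, not a built-in cmdlet
    [CmdletBinding()]
    param()

    # TPM: Win32_Tpm.SpecVersion is a string such as "2.0, 0, 1.59";
    # the first comma-separated field is the TPM specification version.
    $tpmVersion = $null
    try {
        $tpm = Get-CimInstance -Namespace 'root/cimv2/Security/MicrosoftTpm' `
                               -ClassName Win32_Tpm -ErrorAction Stop
        if ($tpm -and $tpm.SpecVersion) {
            $tpmVersion = ($tpm.SpecVersion -split ',')[0].Trim()
        }
    } catch {
        # Typically access denied (not elevated); treated as "not verified".
        Write-Verbose "TPM query failed: $($_.Exception.Message)"
    }

    # Firmware type: reported as Uefi or Bios (legacy boot).
    $firmware = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType

    # Secure Boot: the cmdlet returns $true/$false on UEFI systems and
    # throws on legacy BIOS, so an exception counts as "not enabled".
    $secureBoot = $false
    try {
        $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop)
    } catch {
        Write-Verbose "Secure Boot query failed: $($_.Exception.Message)"
    }

    $os      = Get-CimInstance -ClassName Win32_OperatingSystem
    $hasTpm2 = ($tpmVersion -eq '2.0')
    $isUefi  = ("$firmware" -eq 'Uefi')

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        OS             = $os.Caption
        Build          = $os.BuildNumber
        TpmSpecVersion = $tpmVersion      # empty when no TPM was found or the query failed
        Tpm20          = $hasTpm2
        Uefi           = $isUefi
        SecureBoot     = $secureBoot
        MeetsBaseline  = ($hasTpm2 -and $isUefi -and $secureBoot)
    }
}

Test-Win11HardwareBaseline -Verbose | Format-List
```

A `False` for Secure Boot on a UEFI machine usually means the feature is switched off in firmware rather than missing, so that device may need a settings change rather than replacement.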
At Nubetia, we help organizations manage their software lifecycle with cybersecurity at the core. Whether you need assistance with OS migration, endpoint protection, or compliance strategies, we’re here to guide your transition to a more secure future.
Source: https://www.infosecurity-magazine.com/news/ncsc-urges-upgrade-microsoft/