Full Report
One in six machines still run the old OS as migration stalls and patch deadlines creep closer
Analysis Summary
# Industry News: Windows 10 "Hard Core" Slows Migration, Looming Security Debt
## Summary
Recent data indicates that Windows 10 migration has reached a bottleneck, with approximately one in six machines (16.9%) still running the legacy OS as the official support cliff approaches. Despite the availability of Extended Security Updates (ESU), a significant portion of the remaining install base is trapped by vendor dependencies, certification gaps, and high replacement costs.
## Key Details
- **Date:** July 16, 2026 (Published)
- **Companies Involved:** Microsoft (Developer), Lansweeper (Data Source/Asset Management)
- **Category:** OS Platform Lifecycle / Market Analysis
## The Story
While the initial wave of Windows 11 migrations saw rapid adoption, the transition has now "stalled to a crawl." According to Lansweeper, Windows 10 still commands nearly 17% of the market. This "hard core" of devices isn't necessarily staying on the old OS due to neglect, but rather due to systemic barriers. Many devices in healthcare (23%) and retail (22.7%) are tied to vendor-certified hardware or industrial systems where a Windows 11-certified version simply does not yet exist.
This creates a widening security gap: Windows 10 devices currently average 1,903 active CVEs compared to 652 on Windows 11. Although Microsoft offers the ESU program—extending commercial support until October 2028—only about 14% of Windows 10 assets currently have these patches applied.
## Business Impact
### For the Companies Involved
- **Microsoft:** Faces a reputational risk if a major exploit hits the legacy tail; however, the ESU program provides a steady (if temporary) revenue stream from "laggard" enterprises.
### For Competitors
- **Linux/ChromeOS:** An opportunity exists to capture SMBs or thin-client environments that find the hardware requirements of Windows 11 (TPM 2.0) too costly to meet.
- **Security Vendors:** Increased demand for "virtual patching" and endpoint protection specifically tuned for legacy systems.
### For Customers
- **Enterprises:** Facing "forced" hardware refreshes as the technical debt of Windows 10 becomes too expensive to insure or secure.
- **SMBs:** Disproportionately affected (21.4% still on Win 10), often lacking the capital for wholesale hardware replacement.
### For the Market
- **Hardware Supercycle:** The "stall" suggests a looming spike in hardware procurement as the 2028 hard deadline approaches and ESU options expire.
## Technical Implications
- **Patch Diffing:** Attackers are reverse-engineering Windows 11 updates to identify unpatched vulnerabilities in Windows 10, essentially using Microsoft’s own fixes as a roadmap for exploitation.
- **Hardware Specs:** The primary driver for the stall remains Windows 11’s strict hardware requirements, which have rendered millions of otherwise functional machines "obsolete."
## Strategic Analysis
- **Market Positioning:** Microsoft is shifting from an "adoption" phase to a "mitigation" phase, using ESU to soften the landing for critical infrastructure.
- **Competitive Advantage:** Specialized vendors who can certify Windows 11 systems quickly are gaining a significant edge in sensitive sectors like Healthcare and Pharma.
- **Challenges:** The "vendor lock-in" problem—where the end-user cannot upgrade because the device manufacturer hasn't certified the new OS—creates a stalemate that Microsoft cannot solve alone.
## Industry Reactions
- **Lansweeper:** Notes that the "easy migrations are done" and that the remaining estate is largely held in place by "accepted risk" or air-gapped isolation.
- **Market Analysts:** Express concern over the 2.9x gap in CVE density between the two operating systems, labeling Windows 10 a primary target for ransomware in the coming 24 months.
## Future Outlook
- **The 2028 Cliff:** Expect a period of intense crisis-management for late adopters in Q3 2028.
- **What to watch for:** Whether Microsoft will be forced to extend ESU support even further if critical infrastructure (hospitals/utilities) fails to migrate in time.
## For Security Professionals
Practitioners must prioritize **Asset Visibility**. You cannot protect what you don't know exists. If Windows 10 machines remain in your environment:
1. **Isolate:** Move legacy assets to restricted VLANs or air-gapped segments.
2. **Verify ESU:** Ensure that if you are paying for extended updates, they are actually being deployed (currently only 14% of users are doing this effectively).
3. **Monitor for Drift:** Use patch-diffing intelligence to anticipate which exploits will likely target your legacy fleet following "Patch Tuesday."