Microsoft’s Windows 11 is incompatible even with some recent machines.
Microsoft’s plan to halt updates for its Windows 10 operating system in mid-October has raised hackles among campaign groups and left some users worried they must buy new computers to be safe from cyberattacks.
Here is what you need to know about the planned end of support for the software.
What happens on October 14?
Computers running Microsoft’s 2015-vintage Windows 10 will receive no further updates from the American tech giant from October 14.
Such downloads were used to “regularly patch (update) the operating system because it had become the target of many cyberattacks,” said Martin Kraemer, a computer security expert with American firm KnowBe4.
What does this mean for users?
Microsoft has urged its customers to upgrade to the latest version of its operating system: Windows 11, released in 2021.
But the company is also offering a $30 one-year extension of Windows 10 security updates for users whose computer hardware is not compatible with the new operating system.
Consumer groups have blasted the move.
“The lack of backwards compatibility for certain Windows 10 machines sold only a couple of years ago is a blow to consumers’ pocketbooks” as they face being forced to upgrade, US campaign organization Consumer Reports said in a blog post last week.
In Europe, French groups such as End Planned Obsolescence (HOP) have started a petition demanding free updates extending to 2030.
And Germany’s Verbraucherzentrale federation of consumer groups said in May that the move “worries consumers and leaves them unable to make free purchase decisions.”
“Such a large volume of new (computer) purchases are also bad for the environment,” including by creating large amounts of hard-to-recycle electronic waste, they added.
How many users are affected?
Microsoft declined to answer AFP’s request for data on how many Windows users are unable to upgrade.
But Consumer Reports tallied 650 million people worldwide still using Windows 10 in August.
Another American outfit, the Public Interest Research Group (PIRG) estimates that up to 400 million computers are incompatible with Windows 11.
What are the dangers ?
Users unable to make the switch and who do not pay for security updates face a heightened threat of cyberattacks.
“By receiving no updates, you’re no longer protecting yourself against the most recent cybersecurity risks,” Kraemer said.
Although the increase in exposure is “very difficult” to quantify for individual users, as a group they would become priority targets for attackers sniffing for security holes.
As time goes on, Windows 10 users may also find themselves unable to install the latest third-party software, said Paddy Harrington of American consulting firm Forrester.
“Application vendors rely on the operating system vendor to provide certain features and functions,” Harrington pointed out.
“If these are not updated, the app vendor can’t be assured that their application will continue to function properly.”
What alternatives do users have?
Even the most recent antivirus software may not be enough to protect an operating system no longer receiving updates.
“There’s a limit to how much protection they can offer… it’s much better than doing nothing, but should be a temporary patch while you find a permanent solution,” Harrington said.
Users determined to stick with their existing hardware could switch instead to a different operating system, such as the open-source alternative Linux—already the choice for many devices like internet servers and the basis for Google’s Android smartphone operating system.
“As long as your applications support that OS and your management and security tools will support it, it’s a good choice,” Harrington said.
Citation:
Sunset for Windows 10 updates leaves users in a bind (2025, September 23)
retrieved 23 September 2025
from https://techxplore.com/news/2025-09-sunset-windows-users.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no
part may be reproduced without the written permission. The content is provided for information purposes only.
The largest western AI labs are taking a break from sniping at one another to partner on a new accelerator program for European startups building applications on top of their models. Paris-based incubator Station F will run the program, named F/ai.
On Tuesday, Station F announced it had partnered with Meta, Microsoft, Google, Anthropic, OpenAI and Mistral, which it says marks the first time the firms are all participating in a single accelerator. Other partners include cloud and semiconductor companies AWS, AMD, Qualcomm, and OVH Cloud.
An accelerator is effectively a crash course for early-stage startups, whereby founders attend classes and lectures, consult with specialists, and receive introductions to potential investors and customers. The broad aim is to help startups bring ideas to market as quickly as possible.
The 20 startups in each F/ai cohort will undergo a curriculum geared specifically toward helping European AI startups generate revenue earlier in their lifecycle, in turn making it easier to secure the funding required to expand into the largest global markets. “We’re focusing on rapid commercialization,” says Roxanne Varza, director at Station F, in an interview with WIRED. “Investors are starting to feel like, ‘European companies are nice, but they’re not hitting the $1 million revenue mark fast enough.’”
The accelerator will run for three months, twice a year. The first edition began on January 13. Station F has not revealed which startups make up the cohort, but many were recommended by Sequoia Capital, General Catalyst, Lightspeed, or one of the other VC firms involved in the program. The startups are all building AI applications on top of the foundational models developed by the partnering labs, in areas ranging from agentic AI to procurement and finance.
In lieu of direct funding, participating founders will receive more than $1 million in credits that can be traded for access to AI models, compute, and other services from the partner firms.
With very few exceptions, European companies have so far lagged behind their American and Chinese counterparts at every stage of the AI production line. To try to close that gap, the UK and EU governments are throwing hundreds of millions of dollars at attempts to support homegrown AI firms, and develop the domestic data center and power infrastructure necessary to train and operate AI models and applications.
In the US, tech accelerators like Y Combinator have produced a crop of household names, including Airbnb, Stripe, DoorDash, and Reddit. OpenAI was itself established in 2015 with the help of funding from Y Combinator’s then research division. Station F intends for F/ai to have a similar impact in Europe, making domestic AI startups competitive on the international stage. “It’s for European founders with a global ambition,” says Varza.
The program also represents a chance for the US-based AI labs to sow further seeds in Europe, using subsidies to incentivize a new generation of startups to build atop their technologies.
Once a developer begins to build on top of a particular model, it is rarely straightforward to swap to an alternative, says Marta Vinaixa, partner and CEO at VC firm Ryde Ventures. “When you build on top of these systems, you’re also building for how the systems behave—their quirkiness,” she says. “Once you start with a foundation, at least for the same project, you’re not going to change to another.”
The earlier in a company’s lifecycle it begins to develop on top of a particular model, says Vinaixa, the more that effect is magnified. “The sooner that you start, the more that you accumulate, the more difficult it becomes,” she says.
There isn’t a one-size-fits-all when it comes to toys aimed at providing accessibility or inclusion, just like there isn’t one type of disability. Very few toys or brands are actually made with disability at the forefront, the exception being Cute Little Fuckers, a queer,- trans-, and disabled-owned sex toy brand. (I tested three of the brand’s toys, above.)
So instead, I thought of my own needs as someone with upper-limb disabilities, and I talked to other disabled folks, including those who use wheelchairs or have lower-body disabilities, to find out what they look for in their sex toys. This included tools like slings, pillows, and chairs that help with positioning during sex (or solo play). (More on that below.)
Since I have a vagina and upper limb disabilities, many of the toys I tested were aimed at people like me, but many, like app-connected G-spot and clitoral toys, have similar versions with the same in-app features, except for people with penises or those that prefer anal play.
I took many factors intro consideration, including weight, length, girth; whether the toy was easy to hold or could be wedged; if you could just lie on it or use in multiple positions; and if it could be controlled via buttons (and how difficult those might be to press), in-app, or with a remote control. Once the individual realizes what they need from a toy to make it work for their body and ability, it’ll be easier to narrow down the toy that’d work best.
I tested several sex toy holders, including those that fit into a pillow for mounting or lying, and a sex toy holder that suctions to surfaces or straps into place. I also tested several toys that someone can just grind against, lie on, or sit on.
I wasn’t able to test a hand harness to keep the toy in your hand, as it didn’t fit my small hand, but these can be a more controlled way to hold a sex toy rather than wedging with pillows, grinding on, or using a surface mount.
The Liberator Wedge also came highly recommended to me, but I also wasn’t able to test it. This angled pillow makes sex easier for those in non-normative bodies or for those who suffer from pain, as they can reach the angles and positions needed to relieve pressure. As I mentioned above, a pillow also helps to achieve deeper penetration with partners with smaller penises or bigger bodies, where genitals can be trickier to reach without additional help.
Brands like IntimateRider make chairs and sex accessories for wheelchair users, paraplegics, and others who have spinal cord injuries and similar disabilities where traditional sex may not be an option without these valuable tools.
The recent exploitation of CVE-2026-21509 by Russia’s APT28 group, just days after Microsoft disclosed and patched it, isn’t merely another security incident to file away. It’s a flashing red warning indicator that the aggregation risk and our dependence on a default software platform is creating systemic risk in a world where spreadsheets and spyware are equally viable warfare tools.
APT28, also known as Fancy Bear, BlueDelta and Forest Blizzard, isn’t some shadowy newcomer. This unit of Russia’s GRU military intelligence has been wreaking havoc since at least 2007. They may have interfered in the 2016 US presidential election, compromised the World Anti-Doping Agency, targeted Nato, and they are credited with conducting countless operations against Ukrainian infrastructure. They’re sophisticated, relentless, and have a particular fondness for Microsoft’s ecosystem.
In recent years, they’ve exploited vulnerabilities in Microsoft Exchange, Outlook, and now Office itself. Their tradecraft isn’t opportunistic – it’s industrial-scale cyber warfare executed with military precision.
Severe Office vulnerability
Only recently we witnessed their latest attack. The timeline gives rise for concern as Microsoft issued an out-of-band patch for a high-severity Office vulnerability on 26 January.
Three days later, malicious documents exploiting that exact flaw started circulating in Ukraine. Phishing lure files appear to have been crafted within 24 hours of Microsoft disclosing the software flaw, a single day after the patch dropped.
Think about that timeline – this is an adversary that was either tipped off, had advance access, or was already weaponising the vulnerability before the patch even existed.
This is an adversary that was either tipped off, had advance access, or was already weaponising the vulnerability before the patch even existed Bill McCluggage
CVE-2026-21509 is a security feature bypass – the kind of flaw that tricks users into opening crafted Office files that deliver MiniDoor malware, designed to harvest and exfiltrate victims’ emails, along with PixyNetLoader malware, designed to implant malicious software on compromised systems.
The problem is structural. IT professionals know that deploying patches isn’t instantaneous. They take time, albeit in some cases automated updates can be relatively quick. But in a conflict zone wrestling with bandwidth constraints, outdated systems, and limited access to enterprise-grade licensing, that vulnerability window becomes a chasm.
If Ukrainian organisations are running older Office builds because they lack resources for restrictive, subscription-based licensing, or can’t afford IT automation for patching, they’re sitting ducks. This is a strategic liability, and other nations need to understand the systemic risk they too face.
Microsoft’s patching cadence deserves further scrutiny, and this incident highlights that recognition delays matter, even outside of active conflict zones. When vulnerabilities are actively exploited before patches arrive or are installed, we’re no longer managing risk, we’re into documenting damage and incident recovery.
Delays in Microsoft patch deployment shouldn’t be inevitable – when your patch management depends on manual schedules, restricted bandwidth, or enterprise support you can’t access, that delay becomes a shooting gallery for groups like APT28.
Recent Azure outages, whether from cyber attacks or botched updates, have demonstrated how a single point of failure implanted in Redmond can cascade globally. When national governments, critical infrastructure, and essential services run on cloud platforms controlled by one company, we’re not just talking about vendor lock-in. We’re talking about digital colonialism disguised as convenience that introduces systemic risk.
Market concentration compounds this risk. When a single platform is effectively the default across governments and corporations globally, vulnerabilities don’t fail in isolation – they fester and spread.
Licensing models and interoperability barriers that discourage diversification entrench this monoculture. The result is aggregation risk on a geopolitical scale – its bugs are potential weapons in grey-zone conflicts where every user is a potential target, and every attachment could be a trap.
This isn’t just a cyber security challenge – it’s a market structure problem. Structural risks require structural remedies. Bodies like the UK Competition and Markets Authority (CMA) and the European Commission’s Directorate-General for Competition have a clear role here, by ensuring that concentration in productivity and cloud services does not translate into national and global security vulnerabilities.
The ability to diversify and introduce real competition in secure cloud and productivity ecosystems is becoming a matter of digital sovereignty and defence resilience.
The way forward
So what’s the path forward? Microsoft must rethink vulnerability disclosure and patching for high-impact products introducing faster mitigation pathways and protective heuristics that can be deployed before formal patches are released.
Enterprises and governments need to invest in automated patch management and redundancy planning.
And regulators need to recognise that monoculture is inseparable from security risk.
The next frontier of cyber security policy isn’t just about defending networks – it’s about making markets safer by design.
Bill McCluggage was director of IT strategy and policy in the Cabinet Office and deputy government CIO from 2009 to 2012.
Entertainment5 days ago
Tech1 week ago
Fashion1 week ago
Fashion1 week ago
Tech5 days ago