240 million Windows 10 users are vulnerable to six different hacker exploits — protect yourself now


If you’re running a Windows 10 PC, make sure you download the latest update right now. More details are emerging about what this month’s Patch Tuesday fixes, and the six actively exploited vulnerabilities could affect up to 240 million people.

In fact, this one is so important that America’s Cyber Defense Agency has put out quite a stark message: update before April 1st, or just turn off your computer to be safe.

Let’s take a closer look at this, and at the more critical problem that is slowly growing for people running Redmond’s older OS with no way to upgrade.

The dirty dozen

Did I say “six active attacks” before? Well, that’s sort of true, but there are another six critical flaws that Microsoft is stomping out. However, these are the actively exploited vulnerabilities to worry about right now (please excuse the catchy names):

  • CVE-2025-24993: This is a common buffer overflow exploit. In simple terms, cybercriminals take advantage of a coding error to push more data into your system memory than it is meant to hold, which overwrites what is already there.
  • CVE-2025-24991: If an unsuspecting user mounts a nefarious virtual hard disk (VHD), this bug allows a hacker to read all of your data (even all the out-of-bounds stuff).
  • CVE-2025-24984: This exploit allows an attacker to record all sensitive information into a log file for them to take. While it’s a concerning one, it does require the hacker to physically access your computer.
  • CVE-2025-26633: A simple (but risky) bypass flaw in the Microsoft Management Console.
  • CVE-2025-24985: This one also requires the hacker to convince a user to mount a VHD of their own volition. But once done, there is a privilege escalation flaw that can be exploited to take over the victim’s entire computer.
  • CVE-2025-24983: This is a system-level exploit where a hacker can run a specially crafted program that exploits the Kernel Subsystem of Windows to give an attacker top privileges to your system.

So far, as The Register reports, more than 600 organizations have been hit by just one of these, so there’s a very real risk that more will be, too. As for the remaining six, these are a series of sensitive data exploits, remote desktop client risks and vulnerabilities through Office documents.

A ticking time bomb?

I know that sub-headline is a little dramatic, but let me explain. You see, the fix for these is simple now: just update your system. But Microsoft has confirmed that security updates for Windows 10 will end on October 14th — with Redmond’s position being that you should move to Windows 11.

The warning is clear whenever you update your PC, stating that “support for Windows 10 will end in October 2025. After October 14, 2025, Microsoft will no longer provide free software updates from Windows Update, technical assistance, or security fixes for Windows 10. Your PC will still work, but we recommend moving to Windows 11.”

While the mass upgrade is in process — with a roughly 60/40 split between Windows 10 and 11 users and 2% moving to the latter each month — here’s the problem. Canalys Research has run the numbers and seen that there are 240 million users with a PC that does not support the current version of Windows.

For starters, that is going to be a catastrophic landfill problem. An estimated 1.1 billion pounds of computing equipment would be thrown out, which is the equivalent of a whopping 320,000 cars. Ultimately, that level of migration to Windows 11 is just too slow. Potentially, hundreds of millions of people will be vulnerable if Microsoft doesn’t do one of the following:

  • Continue security updates
  • Change compatibility of Windows 11 to allow for these PCs to hop over

People’s private data is at risk. Please, Redmond. Do the right thing here.

Jason England
Managing Editor — Computing

Jason brings a decade of tech and gaming journalism experience to his role as a Managing Editor of Computing at Tom's Guide. He has previously written for Laptop Mag, Tom's Hardware, Kotaku, Stuff and BBC Science Focus. In his spare time, you'll find Jason looking for good dogs to pet or thinking about eating pizza if he isn't already.
