Kaspersky’s recent telemetry snapshot landed like a warning siren for IT teams and home users alike: in the vendor’s sampled dataset roughly 53% of monitored devices were still running Windows 10 with only 33% on Windows 11 and a non‑trivial 8.5% still using Windows 7, even as Microsoft’s official support deadline for Windows 10 looms. This is an operationally meaningful finding because Microsoft will stop issuing routine security and quality updates for Windows 10 on October 14, 2025, forcing any remaining Windows 10 installations into an unsupported state unless covered by Microsoft’s Extended Security Updates (ESU) or other mitigations.
Background / Overview
Windows 10 has been the dominant desktop operating system since its 2015 release. Microsoft’s lifecycle calendar is explicit: Windows 10 support ends on October 14, 2025—that’s the day monthly cumulative security updates and technical support for mainstream editions cease unless devices are enrolled in ESU or migrated to Windows 11. Microsoft’s lifecycle pages and announcements detail the options and caveats for consumers and organizations assessing next steps.
Security vendors and telemetry providers have a special perspective here: they see endpoint inventories and threat signals in real time. Kaspersky’s study used anonymized OS metadata reported by consenting members of its Kaspersky Security Network (KSN) to estimate installed OS shares across its installed base. That telemetry snapshot—large and operationally relevant—shows a majority of devices in Kaspersky’s sample remain on Windows 10 and a measurable tail still on Windows 7.
What Kaspersky actually reported
The topline figures
- Windows 10: ~53% of devices in the Kaspersky telemetry slice.
- Windows 11: ~33% of devices.
- Windows 7: ~8.5% of devices—an unexpectedly large remnant given that Windows 7’s mainstream support ended years ago.
- Corporate endpoints: Windows 10 is more entrenched—59.5% in corporate fleets in Kaspersky’s sample versus 51% for small business devices.
Methodology caveat (important)
Kaspersky’s data comes from devices using Kaspersky products that have consented to telemetry collection. That’s a large but non‑random sample and can reflect regional, vertical and customer‑type skews where Kaspersky has stronger market presence. Interpreting these percentages as a universal global census would be a mistake; they are best treated as a telemetry snapshot that signals real operational risk across devices in Kaspersky’s installed base.
How Kaspersky’s snapshot compares with other measures
Telemetry vendors, web‑analytics trackers and OEM/IT asset inventories measure different things and often produce different percentages for the same question—“what share of PCs run Windows 10?” Here are the most relevant comparators:
- StatCounter (pageview‑based web analytics) showed Windows 11 approaching or passing parity with Windows 10 in mid‑2025, with month‑to‑month swings that reflected browsing behaviour rather than installed base. StatCounter’s snapshots for summer 2025 placed Windows 11 in the high 40s–50% range while Windows 10 hovered in the mid‑40s—different from Kaspersky’s telemetry because it measures web pageviews, not installed endpoints.
- Lansweeper and other IT asset management vendors have repeatedly documented that a substantial portion of enterprise PCs either do not meet Windows 11 hardware requirements or have procedural barriers to immediate migration. Lansweeper’s readiness assessments and audits showed large compatibility gaps (TPM, Secure Boot, CPU lists) in many enterprise estates—explaining why Windows 10 lingers in corporate environments.
- Public reporting from OEMs and independent trade press has echoed the same theme: migration is underway but incomplete, with regional and segmental differences that produce divergent headline numbers depending on measurement method.
Why the numbers differ: methodology matters
Three common measurement families answer different questions:
- Security‑vendor telemetry (Kaspersky, ESET, etc.) — Shows installed base characteristics where that vendor protects devices and where telemetry is enabled. Strong for security posture analysis but susceptible to vendor market share and regional skew.
- Web pageview trackers (StatCounter, similar services) — Infer OS versions from browser user‑agent strings. They reflect active browsing devices and are sensitive to the mix of sites and user behaviour (heavy‑browsing devices weigh more).
- IT asset inventories / OEM telemetry (Lansweeper, OEM fleet data) — Ground truth for a given organization or OEM but not globally representative.
The security implications of October 14, 2025 (what “end of support” really means)
- No more routine security updates: After October 14, 2025 Microsoft will not provide regular cumulative security updates for Windows 10 Home, Pro, Enterprise or Education editions. That means newly discovered vulnerabilities will not be patched by Microsoft for un‑covered devices.
- Increased exploitability: Historical precedent (Windows XP, Windows 7) shows that EOL operating systems quickly become valuable targets. Attackers probe for unpatched flaws and weaponize them; unpatched endpoints can be used for initial access, lateral movement and persistence. The operational surface expands the moment vendor patching stops.
- Compliance and continuity risk: Unsupported OSes can run afoul of regulatory standards, insurance requirements and vendor support matrices. Over time, third‑party security tools and business‑critical software may become incompatible with older OS builds.
- Microsoft ESU bridge: Microsoft and its lifecycle pages outline Extended Security Updates (ESU) options. For consumers, Microsoft offered a limited consumer ESU path to provide a one‑year security extension in some scenarios; commercial ESU options can be renewed (and priced) for multiple years. Exact enrollment options and pricing vary by region and offering; check Microsoft’s lifecycle and support pages for authoritative, up‑to‑date details.
Why many organizations still run Windows 10 (the practical barriers)
- Hardware eligibility
Windows 11 has stricter hardware requirements—TPM 2.0, UEFI Secure Boot, an approved CPU list (modern processors), minimum RAM and storage. Many corporate desktops and older laptops lack those components or require firmware updates, BIOS changes or hardware replacements to comply. Microsoft documents the Windows 11 system requirements on its support pages.
- Application and driver compatibility
Businesses run line‑of‑business (LOB) apps, bespoke drivers and legacy integrations that must be tested against Windows 11. That testing cycle, vendor validation and remediation consumes time and budget.
- Procurement and budgeting cycles
Large fleets move on fiscal timetables. Rolling refresh projects spanning quarters or years are common; a surprise forced migration can be disruptive and costly.
- Operational risk tolerance
Organizations sometimes opt to buy time (ESU, isolation, segmented network access) rather than rush a disruptive upgrade across mission‑critical systems. That is a tradeoff—temporary mitigation for real upgrade planning—but it raises sustained exposure.
Critical appraisal: strengths and limits of the Kaspersky dataset
Strengths
- Operational visibility: Kaspersky’s telemetry sees endpoint OS metadata at scale in real world environments, making it a useful signal for security posture and exposure within its installed base.
- Segmentation: The dataset allows segmentation (consumer vs small business vs corporate) that highlights where risk concentrates—useful for prioritizing migrations and mitigations.
Limits and caveats
- Sampling bias: KSN reflects systems where Kaspersky software is installed and telemetry is enabled; it is not a randomized global sample and may over‑ or under‑represent particular geographies and verticals. That renders the percentages directional rather than definitive.
- Potential commercial framing: Kaspersky’s recommendations include its own security products and solutions. That is reasonable for a vendor to do, but readers should understand the difference between operational advice (migrate, patch, inventory) and vendor product recommendations—evaluate multiple mitigation tools and independent audit data when planning budgets.
- Temporal sensitivity: Adoption rates change fast around EOL events. Pageview‑based trackers and vendor telemetry can swing week‑to‑week as upgrade prompts and refresh programs accelerate. Use recent, corroborated data for tactical decisions.
Practical migration and mitigation playbook (for IT teams and advanced home users)
The clock to October 14, 2025 is a firm operational marker. The following is a prioritized, pragmatic playbook:
1. Immediate inventory and triage (days 0–7)
- Run an automated inventory of OS versions, build numbers, and update status. Use your endpoint management tool (MDM, SCCM, Lansweeper, etc.) or the built‑in Microsoft Update reports.
- Classify endpoints by sensitivity: critical servers, business‑critical workstations, high‑risk user groups (finance, HR), and non‑critical devices.
2. Compatibility checks (days 1–14)
- Use the Microsoft PC Health Check and vendor tools to identify Windows 11‑eligible devices. Verify TPM 2.0, UEFI Secure Boot and CPU compatibility. Microsoft’s Windows 11 system requirements page lists the official minimums.
3. Pilot upgrades (weeks 2–6)
- Select a representative pilot group (diverse hardware, critical LOB apps) and perform staged upgrades to Windows 11. Test app compatibility, drivers and security tooling thoroughly.
4. Short‑term bridge where needed (weeks 2–12)
- For devices that cannot upgrade immediately:
  - Enroll eligible devices in Microsoft’s ESU if that’s appropriate and cost‑effective. Confirm regional availability and enrollment mechanics before relying on it.
  - Apply compensating controls: network segmentation, restricted internet access for legacy endpoints, robust multi‑factor authentication, and strict least‑privilege policies.
5. Full rollout and decommissioning (months 2–18)
- Schedule phased hardware refreshes aligned to budget cycles; prioritize high‑risk endpoints.
- Decommission or reimage devices that cannot be upgraded and are not critical, replacing them with Windows 11‑capable hardware where appropriate.
6. Continuous monitoring and incident readiness (ongoing)
- Increase logging, detections and incident response readiness for the months after EOL. Expect threat actors to probe for unpatched Windows 10 hosts. Strengthen EDR, network segmentation and patching cadence for all other assets.
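The per-host check behind steps 1 and 2 can be scripted; the following PowerShell is an added example, not code from Kaspersky, Microsoft or the source article. The function name Get-Win11Triage and its output fields are assumptions; the thresholds (TPM 2.0, Secure Boot, 4 GB RAM, 64 GB storage, 64-bit CPU with at least 2 cores) are Microsoft's published Windows 11 minimums, and the approved-CPU list still has to be checked separately.

```powershell
# Added example: per-host triage for playbook steps 1 and 2 (inventory + eligibility).
# Run in an elevated session: Win32_Tpm and Confirm-SecureBootUEFI need admin rights.
function Get-Win11Triage {
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $ram = (Get-CimInstance -ClassName Win32_PhysicalMemory |
            Measure-Object -Property Capacity -Sum).Sum
    # System volume size is a conservative stand-in for the storage device size.
    $vol = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$($env:SystemDrive)'"

    # SpecVersion reads like "2.0, 0, 1.38"; the query fails or is empty without a usable TPM.
    $tpmSpec = $null
    $tpmNs   = 'root\cimv2\Security\MicrosoftTpm'
    try {
        $tpm = Get-CimInstance -Namespace $tpmNs -ClassName Win32_Tpm -ErrorAction Stop
        if ($tpm) { $tpmSpec = ($tpm.SpecVersion -split ',')[0].Trim() }
    } catch { }

    # Confirm-SecureBootUEFI throws on legacy BIOS firmware; treat that as "not enabled".
    try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $secureBoot = $false }

    $checks = [ordered]@{
        Tpm20         = ($tpmSpec -eq '2.0')
        SecureBoot    = $secureBoot
        Ram4GB        = ($ram -ge 4GB)
        Storage64GB   = ($vol.Size -ge 64GB)
        Cpu64Bit2Core = ($cpu.AddressWidth -eq 64 -and $cpu.NumberOfCores -ge 2)
    }
    $failed = @($checks.GetEnumerator() | Where-Object { -not $_.Value } |
                ForEach-Object { $_.Key })

    # Client SKUs report ProductType 1; Windows 11 builds start at 22000.
    $build   = [int]$os.BuildNumber
    $onWin11 = ($os.ProductType -eq 1 -and $build -ge 22000)
    if ($onWin11)                { $status = 'Already on Windows 11' }
    elseif ($failed.Count -eq 0) { $status = 'Upgrade candidate: confirm CPU on supported list' }
    else                         { $status = 'Blocked: ' + ($failed -join ', ') }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        OS           = $os.Caption
        Build        = $build
        Cpu          = $cpu.Name
        Status       = $status
    }
}

Get-Win11Triage | Format-List
```

The CIM cmdlets require PowerShell 3.0 or later, so Windows 7 hosts still on PowerShell 2.0 need to be identified through your endpoint management tool instead. A "Blocked" result lists the failing checks by name, which feeds directly into the step 4 decision between ESU, compensating controls and hardware replacement.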
What Kaspersky recommends — and how to weigh it
Kaspersky’s public guidance is straightforward: enable automatic OS updates, migrate to Windows 11 where possible, and adopt solutions that provide exploit prevention and mitigations for unpatched vulnerabilities (the vendor referenced Kaspersky Premium, Kaspersky Small Office Security and Kaspersky Next as examples). That recommendation is operationally sound—keeping the OS current is the most fundamental security control—but it is also delivered by a vendor that sells endpoint security tools. Readers should evaluate vendor recommendations alongside independent mitigations (Microsoft Defender/EDR, network controls, inventory tools) and internal capability to implement upgrades.
Risks and secondary impacts IT and business leaders should weigh
- Cost of last‑minute migration: Rushed rollouts are more expensive and error‑prone. Planned, phased upgrades reduce total cost and operational disruption.
- Third‑party compatibility: Some enterprise software vendors will limit support on older OSes, creating hidden costs for legacy compatibility. Confirm vendor support windows for mission‑critical apps.
- Regulatory exposure: Unsupported systems may violate regulatory or contractual obligations for data protection and security controls.
- User friction and productivity: Interface changes and feature differences in Windows 11 can cause short‑term productivity dips; plan training and pilot periods to smooth adoption.
Unverifiable or variable claims — flagged
- Any single global “count” of how many devices will be affected (for example, headlines quoting an exact number of millions of PCs) should be treated as an estimate. Published totals vary by tracker and methodology; different measurement pools (installed‑base telemetry, pageviews, OEM inventories) yield different absolute counts. Trust local inventory data for precise budgeting and risk calculations.
- Claims about free consumer ESU enrollment options (via Microsoft Rewards, account sync, etc.) are region‑dependent and subject to Microsoft’s evolving enrollment rules. Confirm ESU eligibility and enrollment mechanics on Microsoft’s official lifecycle/ESU pages for your country.
Executive summary and conclusion
Kaspersky’s telemetry snapshot—showing roughly 53% of devices in its sample still on Windows 10 and only 33% on Windows 11—is a credible and operationally important warning for any environment that resembles Kaspersky’s installed base: corporate fleets, SMB estates and consumer sets where Kaspersky is active. The finding aligns with other signals about migration friction—hardware eligibility limits, application compatibility testing, and procurement cycles—that explain why Windows 10 persists even as Microsoft’s security updates stop on October 14, 2025.
Action is straightforward in principle and challenging in practice: inventory your estate now, check Windows 11 eligibility, pilot and validate upgrades, use ESU only as a controlled bridge, and harden legacy endpoints while you migrate. The cost of measured, phased upgrades and layered mitigations is almost always lower than the potential fallout from a successful attack against unsupported systems. Kaspersky’s data is a directional alarm; the practical response should be grounded in your own inventories and validated against multiple external trackers and vendor lifecycle pages.
Key quick actions (one‑line checklist)
- Run a full OS inventory this week.
- Identify Windows 11‑eligible devices and pilot upgrades.
- Enroll critical legacy devices in ESU if necessary and confirm terms.
- Harden and segment any remaining Windows 10 hosts.
- Prioritize high‑risk endpoints for replacement or migration.
Source: CXOToday.com Kaspersky: More than half of PCs are still operating Windows 10 OS