Tuesday, October 14, 2025

Welcome to your new family, Windows 10!

Keeping Windows 10 Running Securely for Years to Come Without Breaking your Bank


Today is October 14, 2025 - the day of the last free Windows update for Windows 10 22H2.

Last free update? Well, Microsoft caved in and gave consumers with Home, Professional, Pro Education, or Workstations edition one free year of Extended Security Updates (ESU), with various meanings of "free".

For business users, however, the time is up: Microsoft offers three more years of Extended Security Updates, but at $61 per computer for the first year, doubling for the second year and again for the third, totaling $427 per Windows 10 computer over three years. It is clear Microsoft wants everyone to either upgrade to Windows 11 or pay a lot of money.

With an estimated 240 million Windows 10 computers ineligible for the upgrade because of Windows 11 hardware requirements, we're looking at a large number of Windows 10 computers running without security patches on one hand, and many others ending up in landfills on the other.

It's always good to have more options, and we at 0patch are happy to provide one.

We have security-adopted many Windows versions in the past, starting with Windows 7 back in 2020, and today we're welcoming Windows 10 to our growing family. By security-adopting Windows 10 22H2, we will actively collect information on vulnerabilities affecting this version and provide patches for them.

 

Is 0patch effectively the same as Extended Security Updates?

Our security patches are not the same as Microsoft's, most notable differences being:

  1. In contrast to Microsoft's huge updates that replace hundreds of megabytes of executable files on your computer, our patches are called "micropatches", and comprise just a handful of CPU instructions each.
  2. Our patches do not get applied to executable files - instead, they get applied only to running processes in memory. This allows us to apply (and un-apply) them without having to restart the computer or even relaunch the applications we're patching. Imagine typing a document in Word and having Word silently patched without any interruption - that is our way of patching.
  3. Each of our patches addresses a single vulnerability (with a few exceptions), so you can apply/un-apply them individually if you think any of them is causing problems. This is different from Windows Updates, where a single functional problem introduced by an update forces you to resurrect all vulnerabilities fixed by that update when you uninstall it.
  4. Our patches get released as quickly as we can release them. Our technology allows us to actually compete with attackers who work around the clock to weaponize exploits and deploy them, and we want users to be able to win that race. Of course, organizations can decide which computers should get our patches applied immediately, and which should require their manual approval.
  5. Microsoft and 0patch do not patch all the same vulnerabilities:
    1. Microsoft patches many issues that we don't. Many of their patches fix vulnerabilities that only they (and the researchers who found them) know the details of - and these almost never get exploited. A vulnerability becomes likely-to-be-exploited when it becomes known to attackers, which is most often by a public disclosure, but sometimes also by circulating in more private circles. These are the ones we're fixing.
    2. 0patch patches vulnerabilities that Microsoft doesn't (at all, or at least not quickly enough). Notably, 0patch has patches for all known "coerced authentication" issues, which give attackers and red teams a ubiquitous lateral movement opportunity by abusing coerced NTLM authentication. This is a big pain point for large organizations which, for various reasons, cannot stop using the NTLM protocol.
      In addition, we patch "0day" vulnerabilities when they become known to us; we currently have patches for one important 0day vulnerability that allows any user in a Windows domain to disable Windows Event Logging on any domain computer, but we have previously had many others (that Microsoft eventually patched) and we expect to have many more in the future. 
      Finally, we also patch "0day" vulnerabilities in non-Microsoft products. Occasionally a vulnerability in such product also needs to be patched when some vulnerable version is widely used, or the vendor doesn't produce a patch in a timely manner. Currently these products include Java runtime, Adobe Reader, Foxit Reader, 7-Zip, WinRAR, Zoom for Windows, Dropbox app, and NitroPDF.
  6. In order to have our patches downloaded and applied to a computer, 0patch Agent - our lightweight Windows application - has to be installed and linked to your 0patch account.
  7. In contrast to Microsoft's 3 years of ESU, our patches for Windows 10 22H2 will be provided for at least 5 years - and likely longer if needed. 
  8. Finally, our patches cost 25 EUR or 35 EUR per computer per year (depending on whether you need central management and enterprise features), and the price will not double each year.

 

I want to know more!

Sure, our original Windows 10 adoption announcement provides a lot of additional information. 

See also: What do I have to do to receive post-EOS Windows 10 micropatches? 

 

Sounds great, how do I get started?

Everyone is welcome to try 0patch for free and see how it works:

Get started with 0patch in 3 minutes 


I have questions.

Of course, and we have many answers in our Help Center, inspired by people like you who contacted us over the years and taught us many things we didn't even know we didn't know:

0patch Help Center


How about Microsoft Office?

While we're on the subject of adopting, let's not forget that we're also adopting Microsoft Office 2016 and 2019 today. These products will not be getting any official security patches from Microsoft anymore, so if you keep using them it may be a good idea to secure them with our patches. A single 0patch license will cover both Windows 10 and Office patches on one computer. 

 

Wednesday, October 8, 2025

Micropatches Released for Windows Storage Spoofing Vulnerability (CVE-2025-49760)

 


July 2025 Windows Updates brought a patch for CVE-2025-49760, a local privilege escalation vulnerability allowing a local unprivileged attacker to manipulate the Windows Storage Service and extract the local machine's NTLM credentials. The vulnerability was found and reported to Microsoft by Ron Ben Yizhak with SafeBreach.

 

The Vulnerability 

The vulnerability allows a low-privileged user on a computer to register the Windows Storage Service's RPC endpoint on the RPC Endpoint Mapper before the service manages to register it, resulting in the service subsequently connecting to the attacker's process, trusting its responses and allowing it to extract Local System's NTLM credentials. These can then be used against Active Directory Certificate Services to perform the so-called "ESC8" attack (originally described in this SpecterOps article).

Security researcher Ron Ben Yizhak describes the vulnerability in detail in this SafeBreach article.

Ron also kindly released a POC that can be used to reproduce the issue.

 

Microsoft's Patch

Microsoft patched this issue in the Storage Service by modifying the code in StorageUsage.dll that connects to the RPC endpoint such that it will only connect to an endpoint that was created by LOCAL SYSTEM. This blocks the attack because the service will refuse to connect to the endpoint registered by the low-privileged attacker.

 

Our Patch

We decided to approach the issue on the other end - in the RPC Endpoint Mapper Service.

Our patch adds a check to the RPC Endpoint Mapper service core (RpcEpMap.dll) such that when registration of an endpoint with StorageUsage.dll's interface UUID is attempted, it checks whether the registering user is LOCAL SYSTEM and rejects the registration otherwise. This approach has two advantages over Microsoft's:

  1. the local low-privileged attacker cannot even cause a denial of service against the Storage Service (which a spoofed endpoint on a Microsoft-patched computer still can, because the service refuses the attacker's endpoint but still doesn't get a working one), and
  2. we find it likely (and Ron's article strongly suggests) that other services will turn out to be vulnerable to the same type of spoofing, and we prefer to patch all similar issues in the same place. 
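To make the difference between the two placements of the check concrete, here is a small Python model of the race described above. It is an added illustration, not code from Microsoft, 0patch or SafeBreach. It assumes the Endpoint Mapper hands out the earliest registration for an interface (the condition that makes the race winnable), and uses a placeholder interface UUID, constructed endpoint names and a constructed user SID; the only real identifier in it is S-1-5-18, the well-known SID of LOCAL SYSTEM.

```python
"""Toy model of the CVE-2025-49760 endpoint race and of the two places a
"must be LOCAL SYSTEM" check can live: in the connecting service (the
Microsoft-style fix) or in the Endpoint Mapper (the 0patch-style fix).
Added illustration; not the code of either vendor."""
from dataclasses import dataclass
from typing import Optional

LOCAL_SYSTEM = "S-1-5-18"                 # well-known SID of LOCAL SYSTEM
LOW_PRIV_USER = "S-1-5-21-1-2-3-1001"     # constructed SID for an ordinary user

# Placeholder standing in for the Storage Usage RPC interface UUID; the real
# value is not given on the page, so this is an assumption of the model.
STORAGE_USAGE_IFACE = "00000000-0000-0000-0000-000000000001"


@dataclass
class Endpoint:
    name: str        # e.g. an ALPC port name the registrant listens on
    owner_sid: str   # SID of the process that registered it


class EndpointMapper:
    """Minimal Endpoint Mapper: interface UUID -> endpoints in registration
    order. Lookup returns the earliest registration, which models the race
    the attacker wins by registering before the real service starts."""

    def __init__(self, protected_ifaces=()):
        self._table: dict[str, list[Endpoint]] = {}
        # mapper-side rule: these UUIDs may only be registered by LOCAL SYSTEM
        self._protected = frozenset(protected_ifaces)

    def register(self, iface: str, name: str, caller_sid: str) -> bool:
        if iface in self._protected and caller_sid != LOCAL_SYSTEM:
            return False                  # mapper-side check rejects the spoof
        self._table.setdefault(iface, []).append(Endpoint(name, caller_sid))
        return True

    def lookup(self, iface: str) -> Optional[Endpoint]:
        eps = self._table.get(iface)
        return eps[0] if eps else None


def storage_service_connect(mapper: EndpointMapper, require_system_owner: bool) -> str:
    """Model of the Storage Service's client-side connect. Returns 'ok'
    (connected to a LOCAL SYSTEM endpoint), 'spoofed' (connected to the
    attacker), 'denied' (client-side check refused the endpoint, so the
    service still has no usable endpoint) or 'none' (nothing registered)."""
    ep = mapper.lookup(STORAGE_USAGE_IFACE)
    if ep is None:
        return "none"
    if ep.owner_sid == LOCAL_SYSTEM:
        return "ok"
    return "denied" if require_system_owner else "spoofed"


def run_race(mapper_check: bool, client_check: bool) -> dict:
    """Attacker registers first, then the real service registers, then the
    service connects. Returns what each step observed."""
    mapper = EndpointMapper({STORAGE_USAGE_IFACE} if mapper_check else ())
    attacker_ok = mapper.register(STORAGE_USAGE_IFACE, "attacker-port", LOW_PRIV_USER)
    service_ok = mapper.register(STORAGE_USAGE_IFACE, "storsvc-port", LOCAL_SYSTEM)
    return {
        "attacker_registered": attacker_ok,
        "service_registered": service_ok,
        "connect": storage_service_connect(mapper, client_check),
    }


if __name__ == "__main__":
    for label, mc, cc in (("unpatched", False, False),
                          ("client-side check", False, True),
                          ("mapper-side check", True, False)):
        print(f"{label:18} -> {run_race(mc, cc)}")
```

Run as a script it prints the three outcomes: unpatched, the service connects to the attacker's endpoint; with the client-side check the attacker's registration still lands first and the service ends up refusing the only endpoint the mapper returns, which is the denial of service mentioned above; with the mapper-side check the attacker's registration is rejected outright and the service registers and connects normally. Protecting further services in this model is a matter of adding their interface UUIDs to the mapper's protected set, which is the "fix all similar issues in one place" argument.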

 

Let's see our patch in action:


Micropatch Availability

Micropatches were written for the following security-adopted Windows versions:

  1. Windows 11 v21H2 - fully updated
  2. Windows 10 v21H2 - fully updated
  3. Windows 10 v21H1 - fully updated
  4. Windows 10 v20H2 - fully updated
  5. Windows 10 v2004 - fully updated
  6. Windows 10 v1909 - fully updated
  7. Windows 10 v1809 - fully updated
  8. Windows 10 v1803 - fully updated


Micropatches have already been distributed to, and applied on, all affected online computers with 0patch Agent in PRO or Enterprise accounts (unless Enterprise group settings prevented that).

Vulnerabilities like these get discovered on a regular basis, and attackers know about them all. If you're using Windows versions that aren't receiving official security updates anymore, 0patch will patch these vulnerabilities on your computers, and you won't even have to know or care about these things.

If you're new to 0patch, create a free account in 0patch Central, start a free trial, then install and register 0patch Agent. Everything else will happen automatically. No computer reboot will be needed.

We'd like to thank Ron Ben Yizhak with SafeBreach for sharing their finding and their POC, which allowed us to reproduce the issue and create patches for our users.

Did you know 0patch will security-adopt Windows 10 and Office 2016 and 2019 when they go out of support this month, allowing you to keep using them for at least 3 more years (5 years for Windows 10)? Read more about it here and here.

To learn more about 0patch, please visit our Help Center.