On Tuesday, ESET released a report detailing a previously unidentified vulnerability in Windows that was exploited in conjunction with an equally unrecognized browser flaw to carry out attacks on PCs. Both vulnerabilities have since been resolved, and it is crucial for Windows users to ensure their systems are updated accordingly. However, PCs that are past their support period will remain vulnerable to such threats.  Currently, there are around 850 million users of Windows 10, in addition to 50 million users on even older versions of the operating system. Of these, approximately 450 million users have systems that likely meet the technical requirements to upgrade to Windows 11 and continue receiving support. This leaves about 400 million Windows 10 users who must make a decision before support for Windows 10 ends in October 2025, plus the additional cohort of users on older systems. 

Microsoft has announced a $30 one-time fee to extend Windows 10 support for an additional year, which could generate substantial revenue—up to $12 billion—if all 400 million eligible users decide to extend. For those whose PCs lack the required TPM 2.0 security module, various methods exist to facilitate an upgrade to Windows 11, and considering a new PC purchase in 2025 may be worthwhile as well. Regardless of the option chosen, it is vital to maintain support, as Microsoft’s notifications, though potentially annoying, serve an important purpose. The RomCom cyber threat group, allegedly backed by Russia, targets businesses for financial profit and possibly engages in state-sponsored espionage. Recent victims have included Ukrainian government agencies and various industrial sectors across the U.S. and Europe, such as insurance, pharmaceuticals, and energy. The latest attack involved a maliciously designed website that redirected victims to a server hosting the exploit. Once the exploit is executed, it allows RomCom to establish a backdoor. This type of dual vulnerability exploitation is increasingly common, demonstrating that even minor threats can pose significant risks when combined with other vulnerabilities. 

ESET indicated that between October 10 and November 4, 2024, most potential victims of this attack were located in Europe and the U.S., with a few hundred victims identified per affected country. The nature of the threat suggests it could spread further or be marketed to other malicious actors. ESET reported that the exploit required no user interaction, showcasing the sophistication and capabilities of the attackers. The firm praised Mozilla for addressing the vulnerability in just 25 hours, a notable feat in the industry, while Microsoft rolled out a patch for the Windows vulnerability in its most recent update. Despite Microsoft's introduction of a paid support extension for Windows 10, analysts anticipate a rebound in PC sales by 2025 linked to the end-of-life for Windows 10. According to The Register, global laptop sales are projected to rise by 4.9% in 2025, largely influenced by commercial upgrade cycles and the impending end of Windows 10 support, rather than an increase in demand for advanced AI-equipped devices. Analysts from TrendForce foresee growth in 2025, driven by decreased political uncertainty post-U.S. presidential elections and anticipated rate cuts by the Federal Reserve in September 2024. This situation, combined with the Windows 10 support conclusion and demand for commercial upgrades, is predicted to result in global notebook shipments rising to 183 million units in 2025. In contrast, 2024 is expected to face challenges from rising interest rates and geopolitical unrest, forecasted to yield 174 million unit shipments, marking a modest 3.9% year-over-year increase. 

Many of the 450 million PCs needing upgrades are unlikely to transition by the coming October deadline, leaving a significant number of users to either pay the support fee or lose access. The predicted recovery for 2025 is mainly targeted toward the enterprise market, which has already anticipated extended support options beyond October. Additionally, users might consider the implications of Windows Recall, an AI feature that will only be available on new Copilot+ PCs, and not offered as an update for existing Windows 11 or Windows 10 devices. This means that users looking to utilize this feature will need to purchase a new Copilot+ PC. In summary, the core issues are the 450 million PCs needing to extend Windows 10 support or upgrade hardware in the upcoming year and a hesitant market that isn't fully ready to adopt AI-powered devices. 

Whether Windows Recall can effectively encourage Windows 10 users to upgrade remains to be seen, as significant challenges still need to be addressed. Despite some positive feedback, major problems persist, including delays in snapshot storage which have been acknowledged by Microsoft. Disabling this feature may also pose difficulties, as it can be done through the 'Turn Windows Features on or off' menu, but associated binaries may still remain; Microsoft has indicated plans for future updates to resolve this issue fully.