Did you know that in October, Microsoft will end support for Windows 10? Or that Microsoft is disabling ActiveX controls within the month of May? Are you aware that Microsoft’s April security updates intentionally added a folder that you must NOT delete? As a small business utilizing all your team’s energy and resources, it can be overwhelming to keep up with the many security updates that keep your business safe.
You may think, in the midst of updates, ‘I will be fine not updating my computers for security updates; I’m not an important figure whose information anyone would want to compromise.’ However, that couldn’t be farther from the truth. On the news, you hear of larger businesses enduring security breaches or phishing scams. When you search online, you realize hundreds of businesses smaller than yours have gone through security breaches that have either ruined their reputations with clients or put them out of business financially after a single cyber-attack. The scariest part: those are only the businesses that have reported issues, and they do not include those that may not yet know they are going through a cyber-attack. No matter how you put it, it is essential for you and your team to have a game plan to address cybersecurity and keep track of important deadlines to ensure your devices are up to date. That is easier said than done, and you may be asking, ‘Where should I start?’ This is where Ekaru comes in. Your local ally and best friend for Cybersecurity Awareness training, we are here to help.
Windows 10: What You Need to Know
Though Windows 11 has been Microsoft’s focus the last 4 years prior to release, Windows 10 remains a fan favorite operating system choice for many. In fact, about 240 million users are still running Windows 10, which leaves plenty of room for vulnerabilities. To encourage users to move to Microsoft’s newer operating systems, Microsoft will discontinue all security updates for Windows 10 this October.
With so many users staying on Windows 10, security vulnerabilities are on the rise, with six of them reportedly already being exploited by bad actors. The six exploits involve executing arbitrary code, taking full control of a system, or bypassing security features.
The vulnerabilities in question are part of a recent Microsoft Patch Tuesday update. Patch Tuesday updates are monthly releases in which the company addresses security flaws to ensure user safety. The six specific exploits were found to be actively in use by hackers to target Windows 10 systems. Hackers leverage these attacks to compromise the systems of users who have not had the time or chance to properly update their devices.
To address and sometimes temporarily resolve these issues, Microsoft releases patches while also insisting that users update their systems immediately. Microsoft warns that users who do not install newer updates run the risk of significant consequences.
October 14, 2025, is the final day Microsoft will provide free security updates for Windows 10. Afterwards, systems still running on Windows 10 will no longer receive critical security patches, unless users enroll in Microsoft’s Extended Security Updates (ESU) program.
The ESU Program & What It Means for Users
Microsoft’s Extended Security Updates (ESU) will cost $30 per device for one additional year of updates, with the intent to provide users with more time to transition. While this offers a temporary solution for users with software/hardware limitations, it's not a long-term solution. The catch: depending on its settings, the extended support may last for three years or less, with a potential annual price increase. After a while, you will have to upgrade rather than keep investing in older software as a safety precaution.
According to FOX, if you’re still on Windows 10, the immediate step is to ensure your system is updated with the latest patches. Follow the steps below to do that:
- Select Start
- Click Settings
- Click Windows Update
- Click Check For Updates
- If a feature update is available for your device, it will appear separately on the Windows Update page
- To install it, click Download and Install now
Source: "Windows 10 security flaws leave millions vulnerable," https://www.foxnews.com/tech/windows-10-security-flaws-leave-millions-vulnerable
Additional Steps to Protect Your Hardware When Transitioning to Windows 11 from Windows 10
- Strong antivirus software detects and neutralizes malware before it can cause harm. While this won’t provide a permanent solution after October 2025, it reduces the risks from common attack vectors like phishing or malicious downloads.
- Do not click on links from users you do not recognize, download compromised files, or mount an untrusted virtual disk.
- Buying a new PC might be inevitable if you are unable to update to Windows 11. However, there are alternatives like Linux, which runs well on older hardware.
ActiveX Disappearing From Windows
In 1996, ActiveX was introduced. After almost 30 years, Microsoft will begin disabling all ActiveX controls in Windows versions of Microsoft 365 and Office 2024 within the month of May (so almost 2 weeks away now!).
ActiveX is a legacy software framework that lets developers create interactive objects within Office documents.
For users of ActiveX, this means the controls will be blocked in all Office apps, such as Word, Excel, PowerPoint, and Visio, to reduce the risk of malware or unauthorized code execution.
According to a Bleeping Computer article: "When ActiveX is disabled, you will no longer be able to create or interact with ActiveX objects in Microsoft 365 files. Some existing ActiveX objects will still be visible as a static image, but it will not be possible to interact with them," said Zaeem Patel, a product manager on the Office Security team.
Microsoft says that those who want to enable ActiveX controls can do so via the Trust Center by going through the following steps (but it's important to note that this will enable ActiveX across all Office apps, including Word, PowerPoint, Excel, and Visio):
- Select File, then Options.
- Select Trust Center, then the Trust Center Settings button.
- Select ActiveX Settings, then ensure "Prompt me before enabling all controls with minimal restrictions" is enabled.
- Select OK, then OK again to save your settings and return to your document.
"For optimal security, Microsoft strongly encourages leaving ActiveX controls disabled unless absolutely necessary," Microsoft cautioned.
New Folder on Windows Update? Don’t Panic!
After Microsoft’s recent Windows 11 update on April 8th, you may have noticed a folder called ‘inetpub’. This folder is an intentional change and nothing to be concerned about, even though Microsoft did not address it right away. The folder is used to manage Internet Information Services (IIS) logs. When turned on, users are able to see a directory of locally hosted websites or apps. Even if you do not intend to use this feature, Microsoft urges users not to delete the folder, as it is part of the security defense for a bug known as “CVE-2025-21204”.
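For anyone checking more than one PC, the manual "Check for updates" steps and the ‘inetpub’ check above can be run as a single read-only PowerShell report. This is an added example, not code from Microsoft or the original article: the function name Get-PatchPosture and its output fields are hypothetical, and it assumes the folder sits at the root of the system drive.

```powershell
# Added example, read-only: reports patch posture, changes nothing.
# The end-of-support date and the 'inetpub' folder name come from the article;
# Get-PatchPosture and its output field names are hypothetical.
$Win10EndOfSupport = [datetime]'2025-10-14'

function Get-PatchPosture {
    $os    = Get-CimInstance -ClassName Win32_OperatingSystem
    $build = [int]$os.BuildNumber
    # ProductType 1 = workstation. Windows 11 client builds start at 22000,
    # so a workstation build from 10240 up to that is Windows 10.
    $isWin10 = ($os.ProductType -eq 1) -and ($build -ge 10240) -and ($build -lt 22000)

    # Ask the Windows Update Agent for what "Check for updates" would offer.
    $pending     = @()
    $searchError = $null
    try {
        $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
        $pending  = @($searcher.Search('IsInstalled=0 and IsHidden=0').Updates | ForEach-Object {
            [pscustomobject]@{
                Title    = $_.Title
                Severity = if ($_.MsrcSeverity) { $_.MsrcSeverity } else { 'Unrated' }
                KB       = @($_.KBArticleIDs | ForEach-Object { "KB$_" }) -join ', '
            }
        })
    } catch {
        # Offline machine, disabled update service, or a blocked update server.
        $searchError = $_.Exception.Message
    }

    # Assumption: the April update creates 'inetpub' at the root of the system drive.
    $inetpub = Join-Path $env:SystemDrive 'inetpub'

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        OS             = $os.Caption
        Build          = $build
        Win10DaysLeft  = if ($isWin10) { ($Win10EndOfSupport - (Get-Date).Date).Days } else { $null }
        PendingCount   = if ($searchError) { $null } else { $pending.Count }
        Pending        = $pending
        SearchError    = $searchError
        InetpubPresent = Test-Path -LiteralPath $inetpub -PathType Container
    }
}

$report = Get-PatchPosture
$report | Format-List Computer, OS, Build, Win10DaysLeft, PendingCount, SearchError, InetpubPresent
$report.Pending | Sort-Object Severity | Format-Table -AutoSize
```

A negative Win10DaysLeft means the machine is already past the free-update cutoff, and InetpubPresent showing False on a machine that has the April update suggests the folder was deleted.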
As the push to migrate to Windows 11 gains momentum, our team at Ekaru is stepping up to help businesses navigate this critical transition smoothly and securely.
Upgrading to Windows 11 isn't just about having the newest updates aesthetically; it's about staying ahead of cyber threats with enhanced security features built directly into the OS. We can assess a company’s current infrastructure, ensure hardware compatibility, and coordinate seamless deployments with minimal downtime. With constant updates, we can monitor your devices for all of Microsoft’s rolling updates and patch cycles, ensuring systems are always fortified against the latest vulnerabilities.
In today’s rapidly evolving threat landscape, for small businesses, partnering with our team at Ekaru means having proactive experts on your side, keeping your devices modern, secure, and fully optimized for everything Microsoft has to offer.
Schedule a free consultation to review your current security measures and learn how we can help protect your business. Your next step toward better security starts with a phone call.