Microsoft ended official support for Windows 10 in 2025, but the company may have a harder time than expected putting the operating system out to pasture. After promising a year of optional extended update support, Microsoft has changed its policy, tacking on another year to its Extended Security Updates (ESU) program. If you are still clinging to Windows 10, you don't have to do anything but enjoy that extra year.

The last regular updates rolled out to Windows 10 in October of last year, but the Internet can be a dangerous place for unpatched Windows machines. That was a problem for Microsoft, as Windows 11 usage had only barely surpassed Windows 10 when support ended. Microsoft's solution was to give everyone on the old OS a free year of extended updates.

That program was set to end on October 12, 2026, but Microsoft has updated its policy with hardly a whisper, pushing back the end of extended updates to October 12, 2027. The ESU support page was updated with that date, and Microsoft's blog post on the program has a new editor's note confirming the change.

Read full article

Comments

Just 100 days ago, when new Microsoft Gaming CEO Asha Sharma replaced long-serving executive Phil Spencer, she said she'd work to "understand what makes [Xbox] work and protect it." Now, Sharma and Xbox Studios chief Matt Booty have laid out the many things that are not working for the Xbox brand in a brutal self-assessment the they say necessitates a wholesale "Xbox reset."

The message sent to Xbox employees and shared publicly via Xbox Wire last night paints a grim picture for practically every facet of the Xbox division. That portion of Microsoft is currently only seeing a "3 percent accountability margin" (read: profit margin), down year over year and well below both the game industry average and the lofty 30 percent margins that Microsoft is reportedly seeking across the board.

It's an underperformance, they write, born out of being "overextended" by moves like the $69 billion acquisition of Activision. That mega-merger came on top of $20 billion in spending on other acquisitions, platform investments, and hardware subsidies over the last five years, the executives write. But despite the spending spree, Microsoft's overall gaming revenues are down nearly $500 million compared to five years ago.

Read full article

Comments

Microsoft on Tuesday released fixes for two high-severity zero-days that were disclosed by a researcher who has been locked in a testy beef with the software giant.

Nightmare Eclipse, the pseudonym the researcher goes by, released a handful of high-severity vulnerabilities in recent months, making them zero-days that had the potential to be exploited in the wild. The researcher has said the disclosures, which included proof-of-concept code, came after Microsoft reneged on an arrangement the two made regarding vulnerabilities they had discussed.

Disclosure drama

“But someone violated our agreement and left me homeless with nothing,” Nightmare Eclipse wrote in March. “They knew this will happen and they still stabbed me in the back anyways, this is their decision not mine.”

Read full article

Comments

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI coding agents.

In all, multiple researchers said, 73 packages were flagged as malicious when automated systems on GitHub blocked them on the platform. Rather than noting they are malicious—and that developers who used AI agents to work with them should assume their systems are compromised—the Microsoft-owned GitHub said it disabled the packages “due to a violation of GitHub's terms of service.” The text went on to encourage the package owner to contact GitHub.

Devs: Assume compromise and proceed accordingly

It wasn’t until Monday that Microsoft even raised the possibility the packages were infected. In an email, the company stated: “We have temporarily removed some repositories as we investigate potential malicious content.”

Read full article

Comments