Windows Security to 2028? Why ESU Still Costs Extra

Two different things, two different dates, and two different costs.

Wondering why Microsoft charges for Extended Security Updates when Windows Defender will get updates through 2028? They're not the same. I'll explain the difference between malware database updates and actual Windows fixes, and what you really need to know to stay protected on Windows 10.
Question: If Windows still has “security” until 2028, why is there a fee for Extended Security?

There’s no shortage of confusion around Windows 10’s end-of-support date. This question has been asked a few times: What’s the deal with paying for ESU until 2026 if Windows Security will continue to be updated through 2028?

It’s an apples-and-oranges kind of comparison. Even though they have similar names, they’re two different things.

Let me explain.

TL;DR:

Security to 2026 or 2028?

Windows Defender will keep updating its malware database until 2028, but that’s not the same as fixing flaws in Windows itself. Extended Security Updates (ESU) cover those fixes, pushing updates to Windows until 2026. Defender protects against new malware; ESU fixes Windows bugs.

Windows Defender updates through 2028

In Microsoft’s “How to prepare for Windows 10 end of support by moving to Windows 11 today” article, they include the following statement:

“Microsoft will also continue to provide Security Intelligence Updates for Microsoft Defender Antivirus through at least October 2028.”

This means that one program — the anti-virus tool in Windows Security called Windows Defender — will continue to receive updates to its database of known malware through 2028. This will allow it to detect new malware that’s released between now and then.

This only affects Windows Defender, and only its database of malware [1] (AKA Security Intelligence Updates).

The 2028 date applies only to Windows Defender.


Extended Security Updates through 2026

If a bug is discovered that creates a severe security vulnerability, Windows Update will receive a patch to fix the software and presumably remove the security vulnerability.

This is what Windows Update normally does. This is what is scheduled to end a few days after this article’s posting in October 2025.

The ESU program simply extends that date by one year to October 2026.

It’s free if you meet certain conditions, or $30 for one year. If it’s available to you, you should find the offer in Windows 10’s Settings -> Windows Update.

Do this

If you continue to use Windows 10, then:

  • Windows Defender will continue to get database updates through 2028. You don’t need to do anything.
  • You can choose to sign up for the ESU program so your copy of Windows will receive security-related fixes until October 2026.
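
One way to see the two separate update streams on a Windows 10 PC, as an added example that is not from the original article: the script reads Defender's Security Intelligence status with Get-MpComputerStatus and the most recent Windows fixes with Get-HotFix, then compares their ages. The 3-day and 45-day thresholds are assumptions chosen for illustration.

```powershell
# Added example (not from the article). Run in Windows PowerShell on Windows 10.
# The 3-day and 45-day thresholds are illustrative assumptions, not Microsoft guidance.

# Stream 1: Defender. Security Intelligence (the malware "database") is versioned
# separately from the scanning engine and the antimalware platform.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
} catch {
    Write-Warning "Defender status unavailable: $($_.Exception.Message)"
    $mp = $null
}
if ($mp) {
    [pscustomobject]@{
        SignatureVersion = $mp.AntivirusSignatureVersion
        SignatureUpdated = $mp.AntivirusSignatureLastUpdated
        SignatureAgeDays = $mp.AntivirusSignatureAge
        EngineVersion    = $mp.AMEngineVersion
        PlatformVersion  = $mp.AMProductVersion
    } | Format-List
}

# Stream 2: Windows itself. These are the OS fixes delivered by Windows Update,
# the stream that ESU extends.
$fixes = Get-HotFix | Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending
$fixes | Select-Object -First 5 HotFixID, Description, InstalledOn |
    Format-Table -AutoSize

# Compare the two: fresh signatures do not imply a patched operating system.
$sigFresh = $mp -and ($mp.AntivirusSignatureAge -le 3)
$latest = $fixes | Select-Object -First 1
if (-not $latest) {
    Write-Warning 'No dated hotfix entries found; cannot judge OS patch age.'
} else {
    $osAge = [int]((Get-Date) - $latest.InstalledOn).TotalDays
    if ($sigFresh -and $osAge -gt 45) {
        "Defender definitions are current, but the last Windows fix is $osAge days old."
    } else {
        "Signatures fresh: $sigFresh; last Windows fix: $osAge days ago ($($latest.HotFixID))."
    }
}
```

The output shows what has been installed, not whether the PC is enrolled in ESU.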


Footnotes & References

1: I refer to it as a database, though I suspect it’s more complex than that.

16 comments on “Windows Security to 2028? Why ESU Still Costs Extra”

  1. A lot of the confusion comes from Microsoft’s inability to come up with decent names. They recycle names, for example, the 4 different meanings of Outlook: outlook.com, Outlook Classic (MS Office component), Outlook New [a substandard email program included with Windows], and the now-defunct Outlook Express.

  2. Why do you not recommend getting the free ESU option by letting Microsoft back up your settings? I don’t want to pay $30, and for some reason it will not let me redeem my 1000 points even though I meet all the requirements, like being the administrator, and I have all the recommended updates, etc. I have over 1000 pts in my acct; when I click on redeem, it just says I cannot redeem my points.

  3. I’m in Germany. I didn’t get the offer till this past weekend. When it appeared, the ESU was free with no requirements. I read this is also the case in the US and the rest of the world. Has anyone outside the EU, reading this, gotten the free offer?

    • I’m in the UK, so I’m outside of the EU. I’ve also never used OneDrive Backup although I have a few minor .docx & .xlsx files in my OneDrive Documents folder which is used to quickly move files between my devices.

      I have ‘free’ ESU on all three of my devices…

    • US Michigan: I was able to sign up for ESU no charge; the message, paraphrased, was something like ‘you are qualified as meeting the requirement and are all set’. Nothing seemed to download, and I have no way to verify that I have the extended coverage. I intended to continue with 10 as Leo suggested earlier, because I use the internet minimally, and with great caution, so if I do not have ESU, nothing much changes. The ‘requirement’ mentioned above is something I did not take much note of, and have forgotten what it was. PFL

  4. My Windows 10 security said it was OK for free ESU, but when I get to the download option it does not complete; it just keeps searching?? All my security updates are complete for this operation as far as I can tell.

  5. I actually did what was suggested by Ask Leo and, lo and behold, that “suggested” $30.00 fee was not charged. The response I received said it was FREE, followed by the message that said “your computer is enrolled to get ESU”.

  6. It is unclear whether the Win10 Security Intelligence Updates (aka virus/malware database info) that Microsoft say will continue to 2028 will provide the same level of protection as before.

    The database updates are only part of the system.
    It is unclear whether the “engine” (the antivirus program) will receive any updates or fixes – the published statement makes no claim either way. The other major element is the cloud service component – will this provide the same level of diagnostics and protection as previously?

    Antivirus testing has noted that Defender performs well when it has access to an internet connection for additional diagnostic input – but suffers if the cloud services are unavailable.

    If Defender only gets database updates but no program updates then the antivirus engine will remain stuck at its current removal and cleanup capabilities. Detections may get updates but the active program code will remain stuck in 2025 and so fall further behind current Win11 Defender abilities.

    Would be nice to know the details of how Defender will be supported.

