Home / Threat Intelligence bulletins / Windows edition 21H2 at end of service

Target Industry

Indiscriminate, opportunistic targeting.


Microsoft has recently announced that the Windows edition 21H2 is now at the end of service (EOS) and will no longer receive security updates. This was announced on Tuesday 13th June 2023 as part of Microsoft’s monthly Patch Tuesday.

The versions of Windows that will no longer receive security updates are Windows 10 21H2 Home, Pro, Pro Education and Pro for Workstations. A deployment of the update known as 22H2 will be rolled out to all users of the 21H2 version in November 2023.


If devices used by an organisation are not updated as soon as possible to the most recent available patch, this will leave them vulnerable to known exploits. As the exploits that could be applied to an out-of-date system are known, many will have publicly available information on how they can be executed, allowing even inexperienced threat actors to potentially gain access to vital organisation systems. These systems can then be victims of malicious code execution or deployment of malware to destroy or exfiltrate personal information for monetary gain or further exploitation.

Vulnerability Detection

A comprehensive endpoint detection and response (EDR) solution, such as Microsoft Defender, can provide additional protection against known emerging threats. EDRs can alert system users of potential breaches and prevent further progress, prior to the malware being able to implement significant damage.

Affected Products

Windows 10 Home, version 21H2

Windows 10 Pro, version 21H2

Windows 10 Pro Education, version 21H2

Windows 10 Pro for Workstations, version 21H2

Containment, Mitigations & Remediations

As mentioned previously, it is recommended that an EDR solution is implemented which will allow for the prevention or mitigation of potential attacks from a wide range of threats in real time.

All devices should implement the most recent vendor updates available as these will contain updates to their security features to help prevent exploitation from known threats. Although the update will be automatically applied to systems using the old version, Microsoft is urging users to stay secure by updating their devices as soon as possible to the new version, including those set to automatically defer updates.

Indicators of Compromise

No specific Indicators of Compromise (IoCs) are available currently.

Threat Landscape

Microsoft occupies a significant proportion of the desktop operating system market share. Given that threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to focus on, Microsoft products have become a prime target for threat actors. Due to the fact that Microsoft products have become an integral aspect of both personal and business affairs, threat actors will continue to exploit vulnerabilities contained within the associated products in an attempt to extract the sensitive information contained therein.

Threat Group

No attribution to specific threat actors or groups has been identified at the time of writing.

Mitre Methodologies

No attribution to specific Mitre methodologies has been identified at the time of writing.

Further Information

Microsoft: Windows 10 21H2 has reached end of servicing

Intelligence Terminology Yardstick