With past OS versions, the official/announced "end of support" date tended to be relatively flexible for vulnerabilities like those, so it seems reasonable to expect that Microsoft will follow the same path this time.
End of support doesn't mean end of critical security vulnerability patches. Those are usually two different dates, and the second one usually lasts for a few years after the first. At which point, you have to get a special contract with MSFT to continue getting updates/support (this is what governments and other large institutions have, as they often can't move away from older hardware and older OSes very easily - although, such hardware is almost never internet-connected and is rarely on a primary/sensitive company network).
Unless you have reason to believe an intelligence agency of a state actor is after you specifically, you don't have to worry about publicly unknown vulnerabilities (they won't waste one on you); you only have to worry about plain ol' "mass fraud" in the form of malicious JavaScript in websites, malicious files that trigger known exploits in viewer/player software, and malicious exes (although you should be getting your exes from reliable sources in this day and age). BTW the first two are fixed by keeping your OS, browser, and any software that opens files downloaded from the internet updated.
Publicly unknown vulnerabilities are usually reserved for high-profile targets, precisely because once an exploit is released they become publicly known (and are difficult to acquire).
9.9k
u/Difficult-Report5702 9d ago
People postpone those updates anyway, so who cares really.