Windows 11’s Security Push Puts Microsoft on a Collision Course
When Microsoft debuted Windows 11 at the end of last week, the company heralded the usual advancements in efficiency and design that come with any new operating system. But Windows 11 also comes with a less welcome tick: stricter-than-usual hardware requirements for which PCs can actually run it. Because of what Microsoft has described as security concerns, many devices—even some currently for sale—won’t ever be able to upgrade, leaving a generation of PCs stranded on Windows 10.
To run Windows 11, devices must have an Intel Core processor from at least 2017, or AMD Zen 2 processors from 2019 onward. They’ll also need at least 4 GB of RAM and 64 GB of hard drive storage. Microsoft’s own $3,500 Surface Studio 2 desktop, which you can buy new from the company right now, doesn’t make the cut under these requirements. Microsoft is still exploring the possibility that slightly older chips will make the cut, but either way, you’ll need a pretty recent device to upgrade your operating system.
“Microsoft has a clear vision for how to help protect our customers now and in the future and we know our approach works,” David Weston, Microsoft director of enterprise and operating system security, wrote on Friday. “We are announcing Windows 11 to raise security baselines with new hardware security requirements built-in.”
That baseline appears to hinge on a Trusted Platform Module, or TPM 2.0 chip, a component Microsoft has required in all new Windows devices since 2016. But not all devices that contain a TPM 2.0 chip actually have it enabled, and the process of activating it is technical and involved when it’s doable at all. Microsoft or individual PC manufacturers would likely need to offer free, in-person assistance to make it feasible for most customers, both individuals and businesses, to enable latent TPM and other features like Secure Boot. Plus, some current device models that you can purchase today still don’t include TPM 2.0s, simply because they’ve been in production since before the requirement went into place.
By tying Windows 11 availability to that specific hardware feature, Microsoft may leave scores of devices even more vulnerable in the long run. Those who can’t update to Windows 11 will still have Windows 10, but not forever. Microsoft plans to end support for its 2015 operating system—currently installed on 79 percent of Windows devices worldwide, according to analytics site StatCounter—on October 14, 2025. That will mean no more security patches for the large population of devices that can’t transition onto Windows 11.
While Microsoft may hope that most people will have bought a new, Windows 11-capable PC by then, the horror of the decade-long Windows XP migration is still fresh in the security community’s memory. Security vulnerabilities discovered in XP after Microsoft stopped supporting it created gaping holes for the millions of devices that never upgraded to Windows 7 or beyond. In fact, StatCounter shows that a full 20 years since its initial release, and after numerous industry-wide upgrade efforts, more than half a percent of Windows devices still run XP.
“The first large vulnerability after Windows 10 end-of-life will cause chaos and put customers in a hard place,” says Marcin Kleczynski, CEO of the antivirus firm Malwarebytes. “Microsoft has the responsibility to protect their customers. If half are still on Windows 10, will they leave them out to dry?”
Microsoft declined to comment on the record to WIRED about its vision for the transition or the potential for Windows 10 to become a ticking time bomb. In a blog post on Tuesday, the company acknowledged confusion and concern about which devices will be eligible for the upgrade.