Despite all the EOS dates and warnings, you can still get “free” monthly security updates for Windows 7 directly from Windows Update [1]. Windows 10 IoT LTSC support ends in 2032 [2]. If the trend continues, as long as you are OK with some morally dubious practices, you can get security updates for your installation for at least 10 years.
For Windows 7 you have to manually force-install an update (from Microsoft) which unlocks further ESU updates. One can view this either as modifying software for ensuring interoperability (which is allowed in most of EU) or as bypassing DRM (which gets you a jail time under DMCA).
For Windows 10 you have to obtain Enterprise LTSC license. Those come only via volume-deals and are not officially available for us mere mortals. On the other hand, in EU reselling licenses is explicitly allowed (no matter what EULA tells you) and there are tons of dirt-cheap second-hand LTSC licenses. Again - one can see this as either outright stealing or exercising your consumer rights.
No idea how that applies to US laws.
Note that the Windows 10 IoT Enterprise Long-Term Servicing Channel (LTSC) and Windows 10 IoT Enterprise will continue to receive updates based on their specific lifecycles.
This does not affect LTSC users. Updates continue at least until 2027 for mainstream support.
Windows 8 didn’t get an ESU program though, I have to assume because it didn’t get the adoption of 7 and people mostly moved on to 10.
The difference is that the Windows 10 updates will be available as a subscription for regular consumers rather than being purely for enterprise customers. AFAIK this is a first for Microsoft.
edit: combined comments, fixed spacing/format
And I believe you can “get” one with this