In the case of BlueKeep, Microsoft did offer patches for Windows XP, even though it's not supported, to head off the chance of another WannaCry outbreak.
And it's not just smaller organizations with huge numbers of PCs still on Windows 7. The UK's National Health Service, which was hit hard by WannaCry, admitted in July that it had one million PCs running on Windows 7.
"The widespread use of Windows 7 is concerning as there is less than six months to go until this version becomes unsupported," said Alexey Pankratov, enterprise solutions manager at Kaspersky.
"The reasons behind the lag in updating an OS vary depending on the software in place, which may be unable to run on the newest OS versions, to economic reasons, and even down to comfortability of routinely using the same OS.
"Nonetheless, an old unpatched OS is a cybersecurity risk and the cost of an incident may be substantially higher than the cost of upgrading. This is why we recommend that customers migrate to supported versions and ensure that additional security tools are in place during the transition period."