This ISC post encourages all users to move to newer operating systems that Microsoft supports, e.g., Windows 8.1. And if users are not in a favorable position to do so, they should protect Windows XP by hardening security controls
QUOTE: Having obsolete operating systems in a corporate environment is bad enough, there are still many organizations that utilize XP internally. However as part of critical infrastructure it worries me slightly more. Now most of us can’t do much outside of our little sphere of influence, but it is time for the operating system to go. So if junior needs something to do over the next few weeks set them a challenge. Identify all remaining XP devices connected to the network. Categorize them into real XP and embedded XP ( Still some support available for those). Then develop a strategy to get rid of them. If getting rid of them is not an option and there will those of you in that situation, at least look for ways of protecting them a bit better. Consider network segmentation, application whitelisting, endpoint solutions (some will still work on XP). As an absolute minimum at least know where they are and how they are being used. Seek, identify and remove away.