There are just two patch Tuesdays left until Windows 7 and Windows Server 2008 reach their end of support cut off in January 2020.
Organisations that are unable (or unwilling) to make the leap to Windows 10 do have the option to purchase extended support from Microsoft. Exactly how Volume Licensing customers can do this has been detailed in a recent blog post by Microsoft. Called Extended Security Updates, this service can provide some essential breathing room for those organisations who have not quite finished their migration to Microsoft’s new platforms. (If you get your support via a CSP, they will be able to offer the extended support contracts from 1st December 2019.)
With critical vulnerabilities being found regularly in Windows 7 and Server 2008 components (like the Internet Explorer remote code execution zero day fixed in the November patches CVE-2019-1429) running without future patches is not an option for security minded organisations. Windows 7 is now 10 years old, so it’s perhaps not surprising that it remains vulnerable to attacks and techniques only invented in the last few years.