The company rushed to issue patches for XP, Windows 8 and Windows Server 2003, all of which are out of support; patches are only supplied to those who are paying premium rates for custom support.
Security firm Kaspersky Lab claimed that nearly two-thirds of the attacks that it tracked were aimed at the 64-bit edition of Windows 7.
Next in line, with much smaller percentages of attacks, were Windows Server 2008 R2 and Windows 10.
The company said it had found one attack from a Russia-based IP address, and a second from a Chinese botnet.
And the security firm Proofpoint said that it had found another actor using the same exploit in concert with a second to mine the cryptocurrency monero.