It is not the OS, even the hardware
...that is a problem. Hardware is relatively cheap, and building an OS image and deploying it across thousands of workstations can be done in weeks. The problem -generally speaking, not in this specific case- is applications.
Start with poorly documented applications written ten years ago, whose source code -when you have it- depends on certain specific versions of DLLs and/or IDEs to compile or execute. They don't have any installers, just a bunch of files copied across, including configuration files, and they depend on local configuration details (e.g., specific drive letters) whose meaning has been lost in time and which conflict with the minimum sane security settings, requiring all kinds of overrides to policies. Add to it that some of these applications have a test environment, but some of them do not. Plus, the knowledge of what the application does has been lost because the people involved have retired, been fired, or moved elsewhere.
And finally, when you ask for documentation you'll likely find something that does not describe the innards of the application, the processes it supports or both. That is, if said documentation exists at all. Anyway, it is likely out of date, which is often more dangerous than not having any documentation at all.
And before you say "this would not happen had they followed proper processes", let me give you some food for thought: most of these applications were built without any IT support at all, just some group asking for a server to be installed and handing over support to a third party. This third party is now asking for ransomely sums of money to move the application to W7 or higher, and the business unit/government department cannot afford the budget and/or the luxury of allocating dedicated resources for three months just to test the migrated application.
Mix this with the classic scenario of annual plans to replace/upgrade applications that are never executed (because there are other priorities; you know, anything that gives a short-term benefit, especially in politics, takes preference) and you have the perfect storm that may make you keep an old version of something running for decades.
Ever wondered why it took Munich 10 years to move away from Windows? It was not because they needed 10 years to install 50K Linux images. It was because they needed 10 years to move applications. And even when they say that they are done, they likely still keep some virtual Windows instances somewhere for the few that are not worth replacing. Because, you know, the annual plan says they will be replaced next year...