Replying to my own post. According to csoonline.com, MS on Friday evening (Saturday morning UK time) released patches for XP and for Server 2003, reversing its no support stance, after 120,000 horses had bolted.
I'm still unclear on the vector of infection. So the original infection requires opening a trojan email? This would presumably happen on a current Windows system, as no admin would ever let the mission-critical XP system running specialized software in 2017 be corrupted by also running a browser or email software (would he?). And then the infection spreads via LAN to XP machines which until Saturday morning all had an SMB vuln. The NHS and Telefonica networks all required SMB1 for proper operation? Or was the attitude more: "it's been working, so don't fix it." ? You don't know that you don't need it, so you keep it until bzzzt, you're dead?
Biting the hand that feeds IT
