I suspect there are still a lot of military desktops still running Windows XP - and not alert for any security updates.....

https://www.bbc.com/news/technology-48295227

Isn't everyone on MODNET now with Win 7/10?

https://nationalinterest.org/blog/buzz/bad-combination-lethal-aircraft-carriers-and-windows-xp-57027

A Bad Combination: Lethal Aircraft Carriers and Windows XP

https://www.theregister.co.uk/2017/06/27/hms_queen_elizabeth_running_windows_xp/

https://ukdefencejournal.org.uk/new-aircraft-carriers-dont-run-windows-xp/

The Register is rarely a reliable source on defence matters.

I suspect there are still a lot of military desktops still running Windows XP - and not alert for any security updates.....

https://www.bbc.com/news/technology-48295227

Not really.

wasn't is a bug on XP that caught the NHS and others a couple of years back

Yes, but as much to do with p poor IT management than Windows XP per se.
https://www.nao.org.uk/report/investigation-wannacry-cyber-attack-and-the-nhs/

The key findings of the investigation are:

The Department was warned about the risks of cyber attacks on the NHS a year before WannaCry and although it had work underway it did not formally respond with a written report until July 2017. The Department and Cabinet Office wrote to trusts in 2014, saying it was essential they had “robust plans” to migrate away from old software, such as Windows XP by April 2015. In March and April 2017, NHS Digital had issued critical alerts warning organisations to patch their systems to prevent WannaCry. However, before 12 May 2017, the Department had no formal mechanism for assessing whether local NHS organisations had complied with their advice and guidance and whether they were prepared for a cyber attack.

Yes, but as much to do with p poor IT management than Windows XP per se.
https://www.nao.org.uk/report/investigation-wannacry-cyber-attack-and-the-nhs/

Having been at the front line when the attack happened... At the hospital I worked at some systems still ran on XP, the IT department wanted to upgrade but some departments (Pathology in my experience) used a system which was built on XP. It worked and if the Path labs wanted to upgrade the OS then the Lab system was not certified on any other platform. The system supplier could provide an upgrade , reputedly for £1m which the hospital simply did not have.
With some systems the suppliers would not allow system security updates as this could cause the clinical system to fail, so if IT carried out an update which caused problems the system supplier washed their hands. It also helped if the hospital could afford to pay maintenance fees to ensure upgrades happened.

A direct consequence of cost cutting, hospitals had to prioritize budgets. If it worked.....