Running End-of-Life devices or apps is a major security risk. The US CISA has recently released a Directive on the topic: https://www.cisa.gov/news-events/directives/bod-26-02-mitigating-risk-end-support-edge-devices

It's worth mentioning we share many End-of-Life devices/apps in our daily reporting, tagged 'eol'.

See: https://dashboard.shadowserver.org/statistics/combined/time-series/?date_range=7&source=exchange&source=exchange6&source=http_vulnerable&source=http_vulnerable6&tag=eol%2B&dataset=unique_ips&limit=100&group_by=geo&stacking=stacked&auto_update=on

Over 57.5K IPs seen tagged with 'eol' in our exposed web service reporting alone! IP data shared for example in
https://www.shadowserver.org/what-we-do/network-reporting/vulnerable-http-report/

Dashboard World Map view: https://dashboard.shadowserver.org/statistics/combined/map/?date_range=1&map_type=std&source=exchange&source=exchange6&source=http_vulnerable&source=http_vulnerable6&tag=eol%2B&data_set=count&scale=log&auto_update=on

Dashboard Tree Map view: https://dashboard.shadowserver.org/statistics/combined/tree/?date_range=1&source=exchange&source=exchange6&source=http_vulnerable&source=http_vulnerable6&tag=eol%2B&data_set=count&scale=log&auto_update=on