Last weekend the WannaCry ransomware infection caused havoc in hundreds of countries and across hundreds of thousands of machines, and in the immediate aftermath of the hit, many were pointing the finger at outdated versions of Windows XP for allowing WannaCry to cause so much damage.

In fact, new research from Kaspersky shows, 98 percent of the computers hit by WannaCry were actually running Windows 7 – a more modern OS that’s still officially supported by Microsoft. A patch was issued to protect Windows 7 from this kind of exploit in March, so these would appear to be systems that haven’t yet been updated.

So far Kaspersky has only shared one tweet with the statistic – we’ll update this story if we hear more from the security firm- but it shows that running a more recent version of Windows doesn’t necessarily make you safe: it’s the regular patching and updating that keeps you (and your business) protected, not just upgrading your OS as a whole.

Microsoft no longer provides regular patches for Windows XP, which is why last week’s update in response to WannaCry was so unusual. Now it turns out that Windows 7 attacks were far more common, an OS released in 2009 that’s still the most popular in terms of market share, running on 48.5 percent of desktop computers worldwide.

Windows 10 is the only version of Windows completely safe from WannaCry, according to Microsoft, though the ransomware continues to evolve out in the wild. A small number of Windows 10 hits are shown in Kaspersky’s chart, but these are due to manual infections carried out for testing.

Meanwhile, security experts continue to release tools to fight WannaCry, with the latest one removing the ransomware as long as the infected system hasn’t been rebooted. If you’re after a complete guide to how you can stay protected, we’ve got you covered.