Just a heads up that Microsoft has released special out-of-band security updates in June 2017 to patch vulnerabilities for three additional NSA-leaked exploits (EnglishmanDentist, EsteemAudit and ExplodingCan) for older Windows operating systems. This is in addition to out-of-band EternalBlue (WannaCry ransomware) vulnerability patch released last month for Win XP.
See Woody Leonhard's Computerworld article There's a reason Microsoft is patching Windows XP again this month as well as the June 2017 blog entry on the Microsoft Security Response Center subtitled Microsoft releases additional updates for older platforms to protect against potential nation-state activity.
A list of recommended security updates and download links are posted in Tables 1, 2 and 3 of the Microsoft Security Advisory 4025685: Guidance for Older Platforms: June 13, 2017 referenced in these articles. To the best of my knowledge, these updates are not being delivered to home users via Windows Update with older XP SP3 / Vista SP2 / Win 8 (not Win 8.1) platforms and must be installed manually using .msu offline installers.
Here's a sample list of the updates in Tables 2 and 3 of security advisory 4025685 that were missing from my Vista SP2 machine. Note that my OS was fully patched when extended support for Vista SP2 ended on 11-Apr-2017.
KB4018271 (Cumulative Security Update for Internet Explorer 9: May 9, 2017)
KB4018466 (Security Update for the Windows SMB Information Disclosure Vulnerability: May 9, 2017)
KB4021903 (LNK Remote Code Execution Vulnerability: June 13, 2017)
KB4024402 (Windows Search Vulnerabilities: June 13, 2017)
KB4019204 (Security Update for the Windows win32k Information Disclosure Vulnerability: May 9, 2017)
------------
32-bit Vista Home Premium SP2 * Firefox ESR v52.2.0 * NS Premium v22.9.4.8 * MB v3.1.2