While Microsoft did officially end its support for Windows XP April of 2014, they are doing a rather unusual extra bit of support by now releasing a new patch for XP for the first time in 3 years.  This new patch for the XP operating system is to help protect you from the dangerous and recent ransomware attack called "WANNACRYPT". ( also is called "WANNACRY" in some versions)   
   In a post as described on the Windows Security blog, Microsoft says it's taking this "highly unusual" step after customers worldwide including England's National Health Service suffered a hit from "WannaCrypt" ransomware. Microsoft patched all of its currently supported systems to fix the flaw back in March, but now there's an update available for unsupported systems too, including Windows XP, Windows 8 and Windows Server 2003. 

Click here to go to a link where you can download this patch from Microsoft. 
   The virus/ransomware encrypts your files making them un-available to you till you pay the ransom - the screen that first tells you this looks like this one: 
  WannaCrypt ransom
    Microsoft's legal chief Brad Smith posted yesterday this comment about needing co-operation from the various agencies - the post helps explain a bit more about how this particular threat came to be and could have possibly been prevented. 
    Also of note, is this story about an English malware tech who found the malware was seeking an unregistered domain name. By registering this name the tech activated a "kill-switch" built into the malware shutting it down.  No doubt this helped (at least temporarily) many thousands of systems or more.  Read more about it here in this article excerpt. 

"The spread of the initial release has actually stopped (after infecting more than 123,000 computers) because security researchers registered a domain that the malware checks before the infection starts. As long as the software finds it, a sort of killswitch engages and no encryption occurs. However, as @MalwareTechBlog notes, anyone could modify the attack to remove the killswitch and begin attacking computers again.

That's because even without phishing links, another part of the exploit the searches out a vulnerable server component (SMBv1) on unpatched Windows machines and can infect them remotely. This probably won't work across the internet for PCs behind a firewall or router, but if a server is connected directly to the internet, or a PC is on the same network as an infected computer, it can spread quickly -- which is exactly what happened yesterday."

More shortly - working on this post as the day goes on and more information is available.