There is a big difference between win9x and modern battle hardened OSs that were sitting on the modern internet for a decade. As the parent points out for windows, and its similar for linux, the security exploits are largely in _NEW_ code being rewritten rather than the code which is being tossed, hence the recent huge privilege escalation bug in the linux kernel last week.

So, yes its planned obsolescence particular when random buffer overflow/etc kinds of bugs get found in these older OSs fixing them isn't some huge lift for ms/whoever since most of the time its just a one line fix. And in the cases where the bug exists across multiple versions, its likely because its old untouched code so fixing it in the newer OS also fixes it in the older ones if someone figures out how to `git cherry-pick` or equivilant.

I've said it before and I will say it again, the major OS providers should be on the hook for security fixes for the lifetime of the product its been licensed to run on. That means if I want to play games on a 25 year old computer, i shouldn't have to worry about whether some 10 year old bug means I'm going to be exploited the second someone passes an image over that exploits a bug in the jpg decoder.