If your organization still has a few machines running on Windows 7, from here on, you're on your own. Every new bug found should be treated as a zero-day because no new security patches or bug fixes are coming.
If you cannot or will not migrate away from Windows 7, you're going to find yourself increasingly at risk. Fortunately, there are third-party solutions that can help mitigate that risk, including Cynet. Cynet describes itself as autonomous breach protection for Windows 7 users.
Cynet's founder and CEO Eyal Gruner had this to say:
"The reality is that Windows 7 is alive and kicking in many organizations, even if Microsoft chooses not to protect them anymore. It should be a wake-up call to any CISO to ask himself or herself how to adjust to this new reality.
One of our main guidelines when building Cynet 360 was to be able to operate in a fast-changing environment, meaning that every type of attack is analyzed from multiple perspectives, each resulting in a different protection mechanism. If we take exploits targeting Windows 7 as an example, there is first the exploit protection per-se. By closely monitoring process behavior in memory, the detection engine can easily detect behavioral patterns that are typical to exploits and would never occur in a legitimate process."
This then, is one possible security solution. You'll pay a hefty premium for it, but if you need your Windows 7 machines and want a measure of security, the added cost is part of the equation. The costs of upgrading to Windows 10 may be less, so look into it.