The two people said that GAO found that many U.S. embassies and missions use vulnerable legacy systems, including WindowsXP, an operating system Microsoft stopped providing any automatic updates to almost a decade ago. That means that Microsoft is not developing patches or fixes for any security holes that emerge that hackers could exploit to gain access to those networks. “This is a huge problem in my opinion, if that’s true of course,” said Vahid Behazadan, assistant professor of computer science at the University of New Haven. “If no other provider is available to provide the patch, then the attackers can...